State-sponsored Chinese hackers have breached crucial US infrastructure networks, the US, its Western allies, and Microsoft announced on Wednesday, warning that similar espionage strikes might occur internationally.

Microsoft singled out Guam, a US island in the Pacific Ocean with an important military installation, as one of the targets, but added that “malicious” activity had been discovered elsewhere in the US.

The stealthy attack, carried out by a China-sponsored actor called “Volt Typhoon” since mid-2021, facilitated long-term spying and was likely aimed at hindering the US if violence broke out in the region, according to the report.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the statement said.

“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.”

Microsoft’s statement coincided with an advisory released by US, Australian, Canadian, New Zealand and UK authorities. They said a “state-sponsored cyber actor” from China was behind Volt Typhoon and that the hacking was likely occurring globally.

“This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.

‘Living off the land’

The US and its partners said the activity relied on “living off the land” techniques, which use built-in network tools to blend in with normal activity on Windows systems. The advisory cautioned that the attack may also involve legitimate system administration commands that appear “benign”.
Volt Typhoon, according to Microsoft, attempted to blend into regular network activity by routing traffic through infected small office and home office network equipment, such as routers, firewalls, and VPN devices.

“They have also been observed using custom versions of open-source tools,” Microsoft said.

Microsoft and the security agencies released guidelines for organisations to try to detect and counter the hacking.

“It’s what I would term a low and slow cyber activity,” said Alastair McGibbon, chief strategy officer at Australia’s CyberCX and a former head of the Australian Cyber Security Centre.

“This is someone wearing a camouflage vest and carrying a sniper rifle. You don’t see them, they’re not there,” he told AFP.

“When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems.”

Once inside, the cyber attackers can steal information, he said. “But it also gives you the ability to carry out destructive acts at a later stage.”

‘Highly sophisticated’

While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, according to John Hultquist, the chief analyst at US cybersecurity company Mandiant.

“Chinese cyber threat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyber attacks,” he said. “As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”

The director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, also released a warning related to Volt Typhoon.

“For years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe,” Easterly said.
“Today’s advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure.

“This joint advisory will give network defenders more insights into how to detect and mitigate this malicious activity.”

China offered no immediate response to the allegations. But it routinely denies carrying out state-sponsored cyber attacks. China in turn regularly accuses the United States of cyber espionage.