State-sponsored Chinese hackers have infiltrated critical US infrastructure networks, the US, its Western allies and Microsoft said on Wednesday, adding that similar espionage attacks could be occurring globally.
Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets, but said “malicious” activity had also been detected elsewhere in the US.
The stealthy attack — carried out by a China-sponsored actor dubbed “Volt Typhoon” since mid-2021 — enabled long-term espionage and was likely aimed at hampering the US if there was conflict in the region, it said.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the statement said.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors,” it said.
Microsoft’s statement coincided with an advisory released by US, Australian, Canadian, New Zealand and British authorities.
They said a “state-sponsored cyber actor” from China was behind Volt Typhoon, and that the hacking was likely occurring globally.
“This activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.
The US and its allies said the activities involved “living off the land” tactics, which take advantage of built-in network tools to blend in with normal Windows systems.
The advisory warned that the hacking could incorporate legitimate system administration commands that appear “benign.”
Volt Typhoon tried to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and virtual private network hardware, Microsoft said.
“They have also been observed using custom versions of open-source tools,” Microsoft said.
Microsoft and the security agencies released guidelines for organizations to detect and counter the hacking.
“It’s what I would term a low and slow cyberactivity,” said Alastair McGibbon, chief strategy officer at Australia’s CyberCX and a former head of the Australian Cyber Security Centre.
“When you think about something that can really cause catastrophic harm, it is someone with intent who takes time to get into systems,” he said.
Once inside, the cyberattackers can steal information, he said.
While China and Russia have long targeted critical infrastructure, Volt Typhoon offered new insights into Chinese hacking, said John Hultquist, chief analyst at US cybersecurity company Mandiant.
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” he said.
“As a result, their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.