A sign for Microsoft Corp. at the company’s office in the central business district of Lisbon, Portugal, on Tuesday, Dec. 27, 2022.
Zed Jameson | Bloomberg | Getty Images
Microsoft warned Wednesday that Chinese state-sponsored hackers had compromised “critical” U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence.
The Chinese hacking group, code-named “Volt Typhoon,” has operated since mid-2021, Microsoft said in an advisory. The organization is apparently working to disrupt “critical communications infrastructure between the United States and Asia,” Microsoft said, to stymie efforts during “future crises.”
The National Security Agency put out a bulletin Wednesday, detailing how the hack works and how cybersecurity teams should respond.
The attack is apparently ongoing. In the advisory, Microsoft urged impacted customers to “close or change credentials for all compromised accounts.”
U.S. intelligence agencies became aware of the incursion in February, around the same time that a Chinese spy balloon was downed, The New York Times reported.
In a briefing Thursday in Beijing, a spokesperson for China’s Ministry of Foreign Affairs dismissed the report and advisories as “filled with disinformation,” and asserted that the U.S. “is the champion of hacking.” The spokesperson also claimed that the report was part of a coordinated campaign from the Five Eyes intelligence-sharing alliance, which is made up of agencies from Australia, Canada, New Zealand, the U.K. and the U.S.
The infiltration was focused on communications infrastructure in Guam and other parts of the U.S., the Times reported, and was particularly alarming to U.S. intelligence because Guam sits at the heart of an American military response in case of an invasion of Taiwan.
Volt Typhoon is able to infiltrate organizations using a unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems.
The state-sponsored hackers aren’t looking to create disruption yet, Microsoft said. Rather, “the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
Infrastructure in nearly every critical sector has been impacted, Microsoft said, including the communications, transport and maritime industries. Government organizations were also targeted.
Chinese government-backed hackers have targeted critical and sensitive information from U.S. companies before. Covington & Burling, a prominent law firm, was breached by suspected Chinese state-sponsored hackers in 2020.
In a Thursday editorial, the Chinese state-backed paper China Daily dismissed Microsoft’s analysis and the intelligence community warnings as “political propaganda.”
In a joint statement with international and domestic intelligence services, the Cybersecurity and Infrastructure Security Agency warned that Chinese attacks pose a continued risk to American intellectual property.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” CISA Director Jen Easterly said in a statement.