Selloff or Market Correction? Either Way, Here's What to Do NextSee Overvalued Stocks

Chinese hackers spying on US critical infrastructure, Western intelligence says

Published 05/24/2023, 04:27 PM
Updated 05/25/2023, 04:00 AM
© Reuters. FILE PHOTO: A Microsoft logo is seen a day after Microsoft Corp's $26.2 billion purchase of LinkedIn Corp, in Los Angeles, California, U.S. June 14, 2016. REUTERS/Lucy Nicholson/File Photo
MSFT
-
GOOGL
-
GOOG
-

By Zeba Siddiqui and Christopher Bing

(Reuters) -A state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft (NASDAQ:MSFT) said on Wednesday.

The espionage has also targeted the U.S. island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding that "mitigating this attack could be challenging."

While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

Chinese foreign ministry spokesperson Mao Ning said on Thursday the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia and the UK.

Mao said the campaign was launched by the U.S. for geopolitical reasons and that the report from Microsoft analysts showed that the U.S. government was expanding its channels of disinformation beyond government agencies.

"But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking," she told a regular press briefing in Beijing.

It was not immediately clear how many organizations were affected, but the U.S. National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation to identify breaches. Canada, UK, Australia and New Zealand warned they could be targeted by the hackers too.

Microsoft analysts said they had "moderate confidence" this Chinese group, which it dubbed as 'Volt Typhoon', was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

"It means they are preparing for that possibility," said John Hultquist, who heads threat analysis at Google (NASDAQ:GOOGL)'s Mandiant Intelligence.

The Chinese activity is unique and worrying also because analysts don't yet have enough visibility on what this group might be capable of, he added.

"There is greater interest in this actor because of the geopolitical situation."

As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, U.S. President Joe Biden has said he would be willing to use force to defend Taiwan.

Security analysts expect Chinese hackers could target U.S. military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

"It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," Paul Chichester, director at the UK's National Cyber Security Centre said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using "built-in network tools to evade our defenses and leaving no trace behind." Such techniques are harder to detect as they use "capabilities already built into critical infrastructure environments," he added.

As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim's existing systems to find information and extract data.

Guam is home to U.S. military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Bart Hoggeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the submarine cables made Guam "a logical target for the Chinese government" to seek intelligence.

"There is high vulnerability when cables land on shore," he said.

New Zealand said it would work towards identifying any such malicious cyber activity in its country.

© Reuters. FILE PHOTO: A Microsoft logo is seen a day after Microsoft Corp's $26.2 billion purchase of LinkedIn Corp, in Los Angeles, California, U.S. June 14, 2016. REUTERS/Lucy Nicholson/File Photo

"It's important for the national security of our country that we're transparent and upfront with Australians about the threats that we face," Australia's Minister for Home Affairs and Cyber Security Clare O'Neil said.

Canada's cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. "However, Western economies are deeply interconnected," it added. "Much of our infrastructure is closely integrated and an attack on one can impact the other."

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.