Chinese state-sponsored hackers have been engaged in espionage activities targeting various critical infrastructure organizations in the United States, including telecommunications and transportation hubs, according to reports from Western intelligence agencies and Microsoft.
The hacking campaign has also focused on the U.S. territory of Guam, which is home to strategically significant American military bases. Microsoft warns that effectively countering this attack could present significant challenges.
Analysts say that, while China and the United States spy on each other, this recent Chinese cyber-espionage campaign against American critical infrastructure is believed to be one of the largest on record.
The extent of the impact on affected organizations remains unclear at this time. The U.S. National Security Agency (NSA) has disclosed its collaboration with partners such as Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation, in an effort to identify breaches. Furthermore, Canada, the UK, Australia, and New Zealand have cautioned that they too could become targets of the hackers.
Microsoft analysts have expressed "moderate confidence" that the Chinese hacking group known as 'Volt Typhoon' is developing capabilities to disrupt critical communications infrastructure between the United States and the Asia region in potential future crises.
This indicates their preparedness for such scenarios, according to John Hultquist, the head of threat analysis at Google's Mandiant Intelligence.
The unique and concerning aspect of the Chinese group's activities is that analysts still lack sufficient visibility into their full capabilities. Hultquist emphasized that the geopolitical situation has intensified interest in this particular actor.
China's increased military and diplomatic pressure in support of its claim over democratically governed Taiwan has prompted a response from U.S. President Joe Biden, who has expressed willingness to use force to protect Taiwan if necessary.
Security analysts warn that Chinese hackers could target U.S. military networks and critical infrastructure if China invades Taiwan. The NSA and Western cyber agencies are urging companies operating critical infrastructure to detect and address malicious activity. Volt Typhoon has been active since at least 2021, targeting various industries.
The group uses network tools already built into the systems it compromises and leaves no trace behind, which makes detection challenging. Instead of traditional techniques, it infects existing systems to gather information.
Guam, hosting vital U.S. military facilities, has been a specific target.
New Zealand and Australia emphasize transparency and cooperation, while Canada acknowledges the interconnectedness of Western economies.