Chinese group has hacked critical US infrastructure, Microsoft warns


Microsoft has warned that a state-sponsored Chinese hacking group has breached “critical” US infrastructure in order to disrupt communications between the country and Asia in the event of a crisis.

The hacking group, code-named “Volt Typhoon,” has been operating since mid-2021, the U.S. tech group said in a rare system vulnerability bulletin. Microsoft says the hackers have been able to infiltrate organizations across a wide range of industries by exploiting vulnerabilities in a popular cybersecurity platform called FortiGuard.

“Affected organizations in this campaign span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors,” Microsoft said. It added that the hacking group’s operations were focused on gathering intelligence and espionage rather than causing immediate damage.

It added: “Microsoft assesses with moderate confidence that this Operation Volt Typhoon is seeking to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.”

Microsoft said it had notified targeted or infected customers and urged them to close or secure their accounts.

U.S. and international cybersecurity authorities issued a joint advisory on Volt Typhoon on Wednesday, which also warned of Chinese state-backed cyber threats.

“A Chinese state-backed actor lives on land, using built-in cyber tools to evade our defenses and leave no trace,” said Rob Joyce, director of cybersecurity at the NSA. “Find and remove attackers from our critical networks.”

“Living off the land” refers to cyberattacks carried out using legitimate tools already installed on personal devices, making them harder to detect than traditional malware attacks, which often require victims to download files.

John Hultquist, principal analyst at Mandiant Intelligence, a cyber defense service owned by Google, said the Volt Typhoon hack was “aggressive and potentially dangerous.”

“Chinese cyber threat actors are unique among their peers in that they do not routinely resort to destructive and disruptive cyber attacks. As a result, their capabilities are highly opaque. This disclosure is a rare opportunity to investigate and prepare for this threat,” he said.
