A logo for Microsoft Corporation’s offices in the central business district of Lisbon, Portugal, Tuesday, Dec. 27, 2022.
Jameson | Bloomberg | Getty Images
Microsoft warn Chinese state-sponsored hackers breached “critical” cyber infrastructure across a broad range of U.S. industries on Wednesday, with a focus on intelligence gathering.
Microsoft said in an announcement that the Chinese hacker group code-named “Volt Typhoon” has been operating since mid-2021. Microsoft said the group was apparently working to disrupt “critical communications infrastructure between the U.S. and Asia” to thwart efforts during “future crises.”
The National Security Agency released a announcement On Wednesday, it detailed how the hack worked and how cybersecurity teams should respond.
The attack is clearly underway. In an advisory, Microsoft urged affected customers to “close or change credentials for all compromised accounts.”
U.S. intelligence agencies became aware of the intrusion in February, around the same time a Chinese spy balloon was shot down, The New York Times Report.
According to The Times, the infiltration focused on communications infrastructure on Guam and elsewhere in the United States, which is of particular concern to U.S. intelligence because Guam is at the center of a U.S. military response in case of an invasion by Taiwan.
Volt Typhoon was able to infiltrate organizations by exploiting an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once a hacking group gains access to a company’s systems, it steals user credentials from security suites and uses them to try to gain access to other company systems.
State-sponsored hackers have no intention of wreaking havoc, Microsoft said. Instead, “threat actors intend to conduct espionage and maintain access for as long as possible without being detected.”
Infrastructure has been affected in nearly every key sector, including communications, transportation and maritime, Microsoft said. Government organizations have also been targeted.
Chinese state-backed hackers have previously targeted critical and sensitive information on U.S. companies. Prominent law firm Covington and Burling was hacked in 2020 by suspected Chinese state-sponsored hackers.
In a joint statement with international and domestic intelligence communities, the Cybersecurity and Infrastructure Security Agency warned that Chinese attacks pose a continuing risk to U.S. intellectual property.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” CISA Director Jen Easterly said in a report. statement.
This is breaking news. Please check for updates.