Western intelligence agencies warn of China-backed hackers targeting US critical infrastructure

Western intelligence agencies on Wednesday issued a joint advisory to highlight the targeting of US critical infrastructure by a China-sponsored malicious cyber actor and to help users hunt for such activity on their devices.

Western intelligence agencies and Microsoft have sounded the alarm over a Chinese-sponsored cyber actor known as Volt Typhoon (stock image).  © IMAGO / agefotostock

Agencies in the US, Canada, Australia, New Zealand, and the UK published a joint advisory sharing technical details on "the recently discovered cluster of activity... associated with a People's Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon."

"Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide," the advisory said.

Separately, Microsoft said in a Wednesday blog post that it "uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States."

According to Microsoft, Volt Typhoon "typically focuses on espionage and information gathering."

Volt Typhoon campaign reportedly intended to "perform espionage"

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the tech company said.

Microsoft said that the group, active since mid-2021, has targeted critical infrastructure organizations in the US territory of Guam and elsewhere in the United States, adding that the aim of the activity appears to be to "perform espionage and maintain access without being detected for as long as possible."

The company said that organizations affected by the malicious campaign span sectors including maritime, government and information technology, among others.
