US government, business warned of Chinese spying on infrastructure

Robert Besser
29 May 2023, 05:26 GMT+10

A state-sponsored Chinese hacking group has been spying on a wide range of critical U.S. infrastructure organizations from telecommunications to transportation hubs
This was revealed by Western intelligence agencies and Microsoft, which said the espionage has also targeted the U.S. island territory of Guam
Chinese foreign ministry spokesperson Mao Ning said this week that the hacking allegations were a "collective disinformation campaign"

NEW YORK CITY, New York: In one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure, a state-sponsored Chinese hacking group has been spying on a wide range of critical U.S. infrastructure organizations from telecommunications to transportation hubs.

This was revealed by Western intelligence agencies and Microsoft, which said the espionage has also targeted the U.S. island territory of Guam.

Apart from being home to U.S. military facilities that would be key to responding to any conflict in the Asia-Pacific region, Guam is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Chinese foreign ministry spokesperson Mao Ning said this week that the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia and the UK.

"But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking," she told a regular press briefing in Beijing.

It was not immediately clear how many organizations were affected, but the U.S. National Security Agency said it was working with partners, including Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation, to identify breaches. Canada, UK, Australia and New Zealand warned that they could be targeted by Chinese hackers, too.

Microsoft analysts said they had "moderate confidence" this Chinese group, which it dubbed as 'Volt Typhoon', was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

"It means they are preparing for that possibility," said John Hultquist, who heads threat analysis at Google's Mandiant Intelligence, as quoted by Reuters.

The Chinese activity is unique and worrying also because analysts do not have enough information about what this group might be capable of, he added.

Meanwhile, National Security Agency cybersecurity director Rob Joyce said the Chinese campaign was using "built-in network tools to evade our defenses and leaving no trace behind." Such techniques are harder to detect, as they use "capabilities already built into critical infrastructure environments," he added, according to Reuters.

As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim's existing systems to find information and extract data.

"It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," noted Paul Chichester, director at the UK's National Cyber Security Centre, in a joint statement with the US National Security Agency.