Chinese malware targeting critical infrastructure, Microsoft and U.S. government warn


Microsoft security researchers have discovered a Chinese state-sponsored hacking campaign targeting Guam and other unspecified locations within the United States, the company warned Wednesday. The group, codenamed “Volt Typhoon,” has been active since mid-2021 and could “disrupt critical communications infrastructure between the U.S. and the Asia region during future crises.”

Microsoft has not detected any offensive attacks so far; Chinese intelligence and military hackers routinely prioritize espionage and information gathering over destruction.

US federal law enforcement and intelligence agencies, including the FBI, the NSA and the Cybersecurity and Infrastructure Security Agency (CISA), issued a bulletin on Wednesday detailing the actor’s ongoing operational playbook and technical details, along with guidance that potential victims can use to hunt for the intruder in their own networks.

According to the bulletin, authorities “recently discovered” the cluster of activity. “Private-sector partners have identified that this activity affects networks in critical infrastructure sectors across the United States, and the authoring agencies believe the actor could apply the same techniques against these and other sectors across the globe,” the bulletin continued.

US intelligence agencies first uncovered the malware in February, around the same time the US shot down a Chinese spy balloon, The New York Times first reported. The Chinese-sponsored hacking group’s activity reportedly alarmed US officials because of its proximity to Andersen Air Force Base and the naval port at Guam, which would play a vital role in launching any US military response in the event of an attack on Taiwan.

“An attack against our critical infrastructure in the form of a Chinese attack on Taiwan is unfortunately not far-fetched,” CISA director Jen Easterly warned in February.

At the time, Easterly called the threat of cyber intrusion far more dangerous than a Chinese surveillance balloon.

“Our country is subject to cyber intrusions by the Chinese government every day, but these intrusions rarely make national news,” Easterly said. “These intrusions can cause real harm to our nation – leading to the theft of our intellectual property and personal information; and, even more sinister, stepping in to disrupt or destroy the cyber and physical infrastructure that Americans depend on every hour of every day: our power, our water, our transportation, our communications, our health care, and more.”

According to Microsoft, once Volt Typhoon gains access to a network, it steals user credentials to gain access to other computer systems. “The observed behavior suggests that the threat actor intends to spy and maintain access as undetected as possible,” Microsoft security researchers noted in a blog post Wednesday.

Microsoft warned that affected organizations spanned nearly every major infrastructure sector, including “communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors.”

Microsoft urged users who were affected to “disable or change credentials for all compromised accounts.”

China has consistently denied hacking into US networks, even as US investigators have accused the People’s Republic of China of stealing the personal information of millions of current and former federal workers during the Obama administration.

For its part, the Biden White House has moved to establish cybersecurity standards for critical infrastructure and has treated the rise in ransomware attacks, such as the 2021 Russia-linked attack on Colonial Pipeline, as a national security issue.
