Chinese hackers breach US infrastructure, Microsoft warns
Microsoft has blamed the Chinese state-sponsored hacking group “Volt Typhoon” for ongoing attacks on critical US cyber infrastructure.
Hackers have targeted multiple industries to gather intelligence and disrupt communications infrastructure between the US and Asia.
Microsoft advised affected organizations to disable or change compromised account credentials and said the hackers’ primary goal was reconnaissance rather than immediate disruption.
In a recent advisory, Microsoft issued a warning regarding a series of cyberattacks on critical US infrastructure by Chinese state-sponsored hackers.
The attacks, attributed to the group known as “Volt Typhoon”, have been ongoing since mid-2021 and are mainly aimed at gathering intelligence. Microsoft urged affected users to take immediate action by changing or closing compromised account credentials.
Hackers are exploiting an unknown vulnerability in the widely used cybersecurity suite FortiGuard to infiltrate organizations, steal user credentials and gain unauthorized access to other systems.
Rather than immediate disruption, the hackers’ primary goal appears to be long-term espionage and maintaining undetected access. The attacks have affected various critical sectors, including communications, transportation, maritime industries, and government institutions.
Covington and Burling, a prominent law firm, fell victim to suspected Chinese government-backed hackers in 2020, highlighting the ongoing threat posed by Chinese cyberattacks.
In a joint statement with international and domestic intelligence services, the Cybersecurity and Infrastructure Security Agency (CISA) highlighted the threats posed by Chinese hackers to US intellectual property.
CISA Director Jen Easterly emphasized China’s history of conducting aggressive cyber operations to steal valuable data and sensitive information from organizations around the world.