Microsoft warned on Wednesday that “critical” US cyber infrastructure across multiple industries had been compromised by Chinese state-sponsored hackers with a focus on intelligence gathering.
Microsoft said in an advisory that the Chinese hacking group, codenamed “Volt Typhoon”, has been operating since mid-2021. The organization is apparently working to disrupt “critical communications infrastructure between the United States and Asia,” Microsoft said, to speed up efforts during “future crises.”
The National Security Agency put out a bulletin on Wednesday detailing how the hack worked and how cyber security teams should respond.
The assault is apparently continuing. In an advisory, Microsoft urged affected customers to “close or change the credentials for all compromised accounts”.
The New York Times reported that US intelligence agencies became aware of the intrusion in February, around the same time that a Chinese spy balloon was shot down.
The Times reported that the intrusion focused on communications infrastructure in Guam and other parts of the US, and was particularly alarming to US intelligence because Guam sits at the heart of the US military response in case of an invasion of Taiwan.
Volt Typhoon is capable of infiltrating organizations by using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group gains access to a corporate system, it steals user credentials from the security suite and uses them to attempt to gain access to other corporate systems.
Microsoft said the state-sponsored hackers have not yet sought to cause disruption. Instead, “the threat actor intends to spy and maintain access without detection for as long as possible.”
Microsoft said infrastructure in nearly every critical sector has been affected, including communications, transportation and the maritime industry. Government organizations were also targeted.
Chinese government-backed hackers have also targeted important and sensitive information of American companies in the past. Covington and Burling, a prominent law firm, was hacked in 2020 by suspected Chinese state-sponsored hackers.
In a joint statement with international and domestic intelligence services, the Cybersecurity and Infrastructure Security Agency warned that Chinese attacks pose a continuing risk to US intellectual property.
“For years, China has waged an aggressive cyber campaign to steal intellectual property and sensitive data from organizations around the world,” CISA director Jane Easterly said in a statement.