Microsoft issued a warning yesterday regarding an alleged event in which Chinese state-sponsored hackers compromised “critical” U.S. cyber infrastructure in a number of different industries with the aim of acquiring intelligence. The hacking group, based in China, has been identified as “Volt Typhoon.”
According to a Microsoft alert, the group has been operational since the middle of 2021 and is attempting to interfere with “critical communications infrastructure between the United States and Asia” in order to thwart attempts during “future crises.”
Further Details of the Hacking Incident
Additionally, the National Security Agency released an alert on Wednesday with additional information that clarifies how the hack operates and how cybersecurity teams should react where the alleged attack appears to have continued.
U.S. intelligence agencies first learned of the incursion in February, around the same time that a Chinese spy balloon was shot down. In the advisory, Microsoft advised impacted customers to “close or change credentials for all compromised accounts.”
According to reports, the infiltration was concentrated on the nation’s communications networks in Guam and other locations, which further alarmed American intelligence because Guam would be the focal point of the country’s military response in the event that Taiwan was invaded.
Microsoft added that Volt Typhoon was able to enter companies thanks to an unidentified flaw in the well-known cybersecurity program FortiGuard. Once the group has gained access to one business system, it takes users’ login information from the security suite and uses that information to attempt to get access to additional corporate systems.
The Cybersecurity and Infrastructure Security Agency, in a joint statement with domestic and foreign intelligence services, has also issued a warning regarding the ongoing Chinese attacks that continue to pose a risk to American intellectual property.
In a statement, CISA Director Jen Easterly noted that China has “conducted aggressive cyber operations for years to steal intellectual property and sensitive data from organizations around the globe.”
Chinese Foreign Ministry Claps Back
The Chinese foreign ministry reportedly hit back at these claims earlier today, saying they “lacked evidence” and branding the US a “hacker empire.” The fact that “certain companies” were involved in the warning, the ministry continued, “shows that the US is expanding channels for disseminating false information.”
Microsoft, for its part, said that it had alerted customers who were compromised or targeted and advised them to terminate or secure their accounts. “A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind,” said Rob Joyce, head of cyber security at the US National Security Agency. He added, “We must therefore cooperate in order to track down the actor and banish him from our vital networks.”