Chinese state-sponsored hacking group Volt Typhoon accused of conducting cyber espionage against US targets.
The US State Department has warned that China is capable of launching cyberattacks against critical US infrastructure, including oil and gas pipelines as well as rail systems, after investigators found that a Chinese hacking group had been spying on these networks.
A multinational alert earlier this week revealed that a Chinese cyber-espionage campaign had targeted military and government targets in the US.
“The U.S. intelligence community assesses that China is almost certainly capable of launching cyberattacks that could disrupt critical infrastructure services in the United States, including against oil and gas pipelines and rail systems,” State Department spokesman Matthew Miller said at a press conference on Thursday.
“It is vital that the government and network advocates in the public are vigilant,” he said.
The spying group, dubbed “Volt Typhoon” by Microsoft, was the subject of an alert issued on Wednesday by cyber security and intelligence agencies in the US, Australia, Canada, New Zealand and the UK, known as the “Five Eyes”.
Microsoft researchers said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and the Asia region during future crises,” a nod to escalating tensions between China and the US over Taiwan and other issues.
Microsoft and the “Five Eyes” network of Western intelligence partners have accused Chinese state-sponsored hackers of carrying out attacks against critical infrastructure in the United States. [File: Bloomberg]
Microsoft said the Volt Typhoon campaign is based on “living off the land” attacks, a form of fileless malware that uses existing programs to carry out attacks instead of installing files. The tech giant said Volt Typhoon blends into normal network activity by routing data through home and office networking equipment such as routers, firewalls and VPNs, making it extremely difficult to spot.
The hacking group has targeted critical infrastructure organizations in the US Pacific territory of Guam, Microsoft said, adding that security firm Fortinet’s FortiGuard devices were being abused by Volt Typhoon to break into its targets.
The US Cybersecurity and Infrastructure Security Agency (CISA) said separately that it was working to understand “the breadth of potential intrusions and associated impacts”.
That would help the agency “provide assistance when needed and more effectively understand the tactics employed by this adversary,” CISA executive assistant director Eric Goldstein told Reuters news agency.
“Many traditional detection methods, such as antivirus, will not find these intrusions.”
Researcher Marc Burnard, whose organization Secureworks has dealt with several intrusions related to Volt Typhoon, said that Secureworks had not seen any evidence of destructive activity by Volt Typhoon, but that its hackers were focused on stealing information that would “illuminate US military activities”.
The Chinese government called the joint warning issued this week by the US and its allies a “collective disinformation campaign”.
Chinese Foreign Ministry spokesman Mao Ning told reporters that the Five Eyes alerts were meant to promote their intelligence alliance and that Washington was to blame for the hacking.
“This is an extremely unprofessional report with a missing chain of evidence. This is just a cut-and-paste job,” Mao said.
“The United States is the hacking empire,” she said.