Microsoft has issued a warning that the state-backed Chinese cyber espionage group Volt Typhoon has been targeting critical infrastructure organizations across the United States since at least mid-2021.
“Microsoft has detected covert and targeted malicious activity targeting credential access after compromise and network discovery targeting organizations with critical infrastructure in the United States,” Microsoft said in a blog post.
Microsoft noted that it is tracking the hacking group, which Western intelligence agencies and Microsoft said on Wednesday is spying on several important organizations, from telecommunications to transportation hubs.
Microsoft said in the report that the spying also targeted the US island territory of Guam, which is home to strategically important US military bases that would be key to responding to any conflict in the Asia-Pacific region.
The blog post added that the observed behavior suggests that “the threat actor intends to conduct espionage and maintain access without being detected for as long as possible.”
Microsoft added that “mitigating this attack can be challenging.”
Reportedly, the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia and the UK, as well as the US Federal Bureau of Investigation, to identify the breach.
Meanwhile, it was not immediately clear how many organizations were affected. While Chinese hackers are known to spy on Western countries, this is one of the largest known cyberespionage campaigns against US critical infrastructure.
NSA Cybersecurity Director Rob Joyce said in a statement: “The PRC (People’s Republic of China) state-sponsored actor is living outside the country, using built-in networking tools to evade our defenses and leave no traces behind.”
He added that such “ground-breaking” espionage techniques are harder to detect because they use “capabilities already built into the critical infrastructure environment.”
Microsoft's blog post added: “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.”
Reuters reported that Canada’s Cyber Security Agency separately said it had no reports of Canadian victims of the hack yet. “However, Western economies are deeply interconnected, much of our infrastructure is tightly integrated, and an attack on one can affect the other,” the agency added.