Microsoft reveals Chinese hacking attack on critical US infrastructure

by admin

Microsoft headquarters in Redmond, Washington, in a file image. Ted S. Warren (AP)

Microsoft issued an alert on Wednesday warning of attacks by state-backed Chinese hackers on critical US communications infrastructure. Microsoft detected this intrusion into its systems with the help of US intelligence services. The fact that some of the compromised systems operate in Guam, in the western Pacific, where the United States has a major base of potential support for Taiwan, has only heightened concerns.

The company reported its discovery in a detailed post containing lines of code and copious amounts of information about the attack. Its explanations make it possible to take precautions against becoming a victim of the attack. “Microsoft has discovered targeted malicious activity focused on post-breach credential access and network system discovery, aimed at critical infrastructure organizations in the United States,” the message begins. “The attack is being carried out by Volt Typhoon, a China-based state-sponsored actor that typically focuses on espionage and intelligence gathering,” it continues.

Microsoft assesses with “moderate confidence” that this campaign by the group called Volt Typhoon is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises, according to its information. For now, the intrusion has been carried out only for espionage purposes, and no sabotage or other damage has been done.

The National Security Agency (NSA) has also published a 24-page report in which it explains the methods used by the group, which is allegedly backed by the Chinese government. The report said that security and intelligence agencies of the United States, Australia, New Zealand and the United Kingdom are working on the investigation.

Covert operation

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations on Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors. “The observed behavior suggests that the threat actor intends to spy and maintain access for as long as possible,” states Microsoft.

To achieve its goal, the Volt Typhoon group places a heavy emphasis on stealth in its operations, relying almost exclusively on very difficult-to-detect techniques. According to Microsoft’s summary, group members issue commands through the command line to collect data, including credentials from local and network systems, put the data into an archive file to prepare it for extraction, and then use the stolen valid credentials to maintain the intrusion.

In addition, Volt Typhoon attempts to blend in with normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN (virtual private network) hardware. The group has also been observed using customized versions of open source tools to establish a command and control channel through proxies in order to stay further under the radar, the post continues.

As with any activity observed from a state actor, Microsoft directly notified affected or compromised customers, providing them with the critical information needed to protect their environments.
