Western intelligence agencies and Microsoft have issued a warning about a persistent cybersecurity threat posed by a state-sponsored Chinese hacking group, known as Volt Typhoon. This group has been detected infiltrating various crucial U.S. infrastructure organizations, and such activities could be happening worldwide.
This Joint Cybersecurity Advisory (CSA) was issued by authorities in the U.S., Australia, Canada, New Zealand, and the UK, which together constitute the Five Eyes intelligence network. It reveals that Volt Typhoon, which has been active since mid-2021, is believed to be an arm of the People’s Republic of China’s (PRC) state-sponsored cyber warfare strategy.
Microsoft has separately warned that the group has targeted critical infrastructure, including Guam’s strategic U.S. military outpost in the Pacific. The tech company cautioned that mitigating these attacks could pose significant challenges.
One of the most notorious incidents attributed to this group was the Microsoft Exchange hack identified in January, quickly pinned on Chinese cyber espionage efforts. This incident underscores one of the largest known cyber-espionage campaigns against American critical infrastructure to date.
Microsoft’s analysis suggests that the Volt Typhoon campaign aims to disrupt critical communications infrastructure between the U.S. and Asia during potential future crises. The sectors impacted by this campaign include communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.
The hacking group’s activities suggest an intent to carry out espionage and maintain undetected access to the systems for as long as possible. They have reportedly employed “living off the land” tactics, leveraging built-in network tools to blend in with typical Windows systems. The group may then execute seemingly “benign” system administration commands.
While Beijing has consistently denied allegations of state-sponsored cyber-attacks, the continuous accusations underscore the global nature of cybersecurity threats. China, in turn, frequently accuses the U.S. of cyber espionage.
Guam, a notable target of Volt Typhoon, hosts vital U.S. military facilities crucial to responding to any conflict in the Asia-Pacific region.
Although no Canadian victims have been reported yet, Canada’s cybersecurity agency warned of the interconnectedness of Western economies, emphasizing that an attack on one infrastructure could impact others.
The UK echoed similar concerns, cautioning that the tactics used by Chinese hackers on U.S. networks could be replicated on a global scale.