Published in News

Chinese-state hackers compromised "critical" US cyber infrastructure

by on25 May 2023


Microsoft said they were intelligence gathering

Microsoft has warned that Chinese state-sponsored hackers, known as "Volt Typhoon," have compromised "critical" US cyberinfrastructure across various industries focusing on gathering intelligence.

Vole said that the group codenamed "Volt Typhoon" has been around since mid-2021, quietly working to disrupt "critical communications infrastructure between the United States and Asia."

They have a set-piece method of attack which has been ongoing for some time, and the National Security Agency put out a bulletin detailing how the hack works and how cybersecurity teams should respond.

In an advisory, Microsoft urged impacted customers to "close or change credentials for compromised accounts."

US intelligence agencies became aware of the incursion in February. The infiltration was focused on communications infrastructure in Guam and other parts of the US. It was particularly alarming to US intelligence because Guam sits at the heart of an American military response in case of a Taiwanese invasion.

Microsoft said Volt Typhoon infiltrates organisations using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems. The state-sponsored hackers aren't looking to create disruption yet, Microsoft said.

Instead, "the threat actor intends to perform espionage and maintain access without being detected for as long as possible." Microsoft said that infrastructure in nearly every critical sector has been impacted, including the communications, transport, and maritime industries. Government organisations were targeted.

 

Last modified on 25 May 2023
Rate this item
(0 votes)

Read more about: