- Microsoft warns that Chinese malware struck American cyberinfrastructure in Guam and other parts of the United States
- The Chinese hacking group codenamed "Volt Typhoon" is believed to be the one responsible for the attacks
- The tech giant said that the strikes were meant to disrupt critical communications between the US and Asia
Microsoft warned that Chinese malware was responsible for attacks on United States cyberinfrastructure in Guam and other parts of the US that were allegedly carried out to gather intelligence.
In an advisory, Microsoft said that the group responsible for the attacks was likely "Volt Typhoon," a Chinese hacking group. The group has been known to operate since mid-2021 and is allegedly working to disrupt "critical communications infrastructure between the United States and Asia."
Microsoft Warns of Cyber Attacks by Chinese Hacking Group
On Wednesday, the National Security Agency put out a bulletin that details how the hacking attack works and how cybersecurity teams should respond to it. The attack is still ongoing, and Microsoft urged impacted customers to either close or change the credentials for all accounts that have been compromised, as per CNBC.
Only in February did United States intelligence agencies become aware of the cyber attacks. Around the same time, the American government downed a Chinese spy balloon.
The cyber infiltration allegedly targeted communications infrastructure found in Guam and other areas in the US. Reports noted that it was particularly alarming to US intelligence due to Guam being at the heart of an American military response in case of a Taiwanese invasion.
The Chinese hacking group is known to be capable of infiltrating networks using an unnamed vulnerability in a popular cybersecurity suite known as FortiGuard. Microsoft also warned that once Volt Typhoon gains access to a corporate system, it then takes user credentials from the security suite and utilizes them to try and gain further access to other corporate systems.
Targeting Communications Infrastructure Between US and Asia
A joint Cybersecurity Advisory (CSA) warning was issued by the US Cybersecurity & Infrastructure Security Agency (CISA) and international cybersecurity authorities who believe that the Chinese hacking group could attack other networks in the US and worldwide, according to Fox Business.
Agencies noted that Volt Typhoon's primary way of attacking is "living off the land," which makes it capable of avoiding detection by taking advantage of network administration tools to blend in with normal systems. It then flies under the radar of third-party endpoint detection and response products.
Agencies have recommended that organizations take immediate steps to beef up cybersecurity in light of the threat. This could include hardening domain controllers, monitoring event logs, limiting port proxy usage, investigating suspicious IP addresses, and reviewing firewall configurations.
Microsoft added that the Chinese hacking group's attacks are only considered an espionage campaign for now. However, it warned that Beijing could use the code initially designed to breach firewalls to conduct destructive attacks if it so wished. The tech giant said there is no evidence that Volt Typhoon used the access for offensive attacks, according to the New York Times.