May 24, 2023 - Technology

Chinese hackers hit critical U.S. infrastructure, intelligence agencies warn

The aircraft carrier USS Theodore Roosevelt, is docked at Naval Base Guam in Apra Harbor amid the coronavirus pandemic on Monday, April 27, 2020.

The aircraft carrier USS Theodore Roosevelt, is docked at Naval Base Guam in Apra Harbor amid the coronavirus pandemic on April 27, 2020. Photo: Tony Azios/AFP via Getty Images

A Chinese state-sponsored group has hacked into critical American infrastructure, including in the U.S. territory of Guam, Microsoft and the "Five Eyes" intelligence alliance warn.

Why it matters: Guam is home to three American military bases. The western Pacific island would play an important strategic role should the U.S. need to respond to any potential Chinese military attack on or blockade of Taiwan.

  • The likely aim of the operation is to "disrupt critical communications infrastructure between the United States and Asia region during future crises," per a blog post Wednesday by Microsoft, which detected the hacking.

Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with its "Five Eyes" partner agencies in the U.K., Canada, Australia and New Zealand warning that the "Volt Typhoon" hackers posed a threat to all five allied countries following a "recently discovered cluster of activity."

  • Microsoft said in its blog post that the "state-sponsored actor based in China ... typically focuses on espionage and information gathering."
  • Detecting "and mitigating this attack could be challenging," Microsoft said.

State of play: "Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States," per Microsoft.

  • "In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."
  • The Australian Signals Directorate’s Australian Cyber Security Centre noted that a key strategy of Volt Typhoon, known as "living off the land," used "built-in network administration tools to perform their objectives," allowing the group "to evade detection by blending in with normal Windows system and network activities."

The big picture: The Chinese Communist Party has been linked to previous hack attacks targeting the U.S. government, businesses and American infrastructure, but it has always denied being involved in such cyber espionage.

What they're saying: "Today’s advisory highlights China's continued use of sophisticated means to target our nation's critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity," CISA director Jen Easterly said in a statement.


Want more stories like this? Sign up for Axios Markets

Go deeper