Researchers offer hints of cyber's role in possible Taiwan invasion
The latest evidence of China-linked hackers infiltrating U.S. critical infrastructure is highlighting what role cyberattacks could end up playing in a possible invasion of Taiwan.
What's happening: Earlier this week, researchers at Microsoft revealed that a Chinese state-sponsored group known as Volt Typhoon has been targeting critical infrastructure organizations in the U.S. and Guam.
- Affected organizations spanned a long list of sectors: communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education.
- Volt Typhoon, which has been in operation since mid-2021, infiltrated these organizations by targeting internet-facing devices running Fortinet's FortiGuard products, per Microsoft.
- Once inside, the hackers can start "living off the land" and obtain access to a network by stealing user credentials and rerouting any suspicious traffic through home routers, Microsoft said.
Why it matters: Microsoft researchers concluded with "moderate confidence" that Volt Typhoon is developing capabilities that could disrupt communications between the U.S. and Asian countries in future crises.
- The National Security Agency, the FBI, CISA and their international partners released an advisory supporting Microsoft's findings shortly after the report's publication.
Between the lines: If it were to invade Taiwan, one of China's first moves would likely be to cut off communications between Taiwan and the outside world, experts say.
- That scenario isn't too far from the realm of possibility. Taiwan blamed China for cutting one of its internet cables earlier this year, with some suspecting it was a "dry run" for a future invasion.
- The new cyber campaign against Guam also raises suspicions, as the New York Times reports, given that the U.S. has an air base there and that Guam's ports would be crucial for an American military response.
Yes, but: Volt Typhoon appears to mostly be sticking to espionage, rather than destructive behavior, for now.
- Some experts assess that this specific group is more interested in uncovering details about how targeted facilities operate and other sensitive details about the U.S.
The other side: A spokesperson for China's Ministry of Foreign Affairs called Microsoft's report "unprofessional" and "filled with disinformation" in a statement Thursday.
- The spokesperson also suggested that the Five Eyes intelligence pact released its joint advisory to "serve its geopolitical agenda" and called the U.S. the "champion of hacking."