Chinese hackers breach US critical infrastructure in stealthy attacks (May 2023)
Microsoft says a Chinese cyberespionage group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the United States, including Guam, since at least mid-2021.
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the Microsoft Threat Intelligence team said.
As Mandiant Intelligence Chief Analyst John Hultquist told BleepingComputer, these intrusions into US critical infrastructure orgs are likely part of a concerted effort to provide China with access in the event of a future conflict between the two countries.
"States conduct long-term intrusions into critical infrastructure to prepare for possible conflict, because it may simply be too late to gain access when conflict arises. Similar contingency intrusions are regularly conducted by states."
"Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect. China has done the same in the past, targeting the oil and gas sector. These operations are aggressive and potentially dangerous, but they don't necessarily indicate attacks are looming."
Critical infrastructure also hit by supply chain attack behind 3CX breach.