Microsoft analysts said they had “moderate confidence” that this Chinese group, which they dubbed “Volt Typhoon”, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.
“It means they are preparing for that possibility,” said John Hultquist, who heads threat analysis at Google’s Mandiant Intelligence.
The Chinese activity is unique and worrying also because analysts don’t yet have enough visibility on what this group might be capable of, he added.
“There is greater interest in this actor because of the geopolitical situation.”
As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.
Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.
The NSA and other western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.
“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” Paul Chichester, director at the UK’s National Cybersecurity Centre, said in a joint statement with the NSA.
Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.
NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defenses and leaving no trace behind.” Such techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.
As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.
Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region.
New Zealand said it would work towards identifying any such activity in its country.
“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face,” Australia’s Minister for Home Affairs and Cybersecurity Clare O’Neil said.
Canada’s cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. “However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”