The Five Eyes intelligence alliance of Australia, Britain, Canada, New Zealand and the United States issued the joint Cybersecurity Advisory on Wednesday, stating they had recently discovered a "cluster of activity" associated with China state-sponsored hackers Volt Typhoon.
Microsoft separately said in a statement that Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.
Calling the hackers' work "stealthy and targeted malicious activity," the U.S. computer giant said the Chinese espionage campaign targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors.
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," it said.
"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."
Both Microsoft and Five Eyes said Volt Typhoon relies on so-called living-off-the-land techniques, which use built-in network administration tools to evade detection by appearing as part of the normal Windows system.
The advisory warns that many of the behavioral indicators of a breach can also be legitimate system administration commands that appear in "benign activity," and that "care should be taken not to assume that findings are malicious without further investigation or other indications of compromise."
The Canadian Center for Cyber Security added in a separate statement that it has no reports of Canadian victims but warned that, since Western economies are deeply interconnected, "an attack on one can impact the other."
It added that the warning is "especially important" due to the difficulty in identifying this specific attack.
"The state-sponsored cyber programs of China, Russia, Iran and North Korea pose the greatest strategic cyber threats to Canada," it said. "State-sponsored cyberthreat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states."
China accuses US, allies of 'disinformation' over hacking claims
Beijing (AFP) May 25, 2023 -
China accused the United States and its allies of waging a "disinformation campaign" Thursday, after Washington, its Western partners and Microsoft said state-sponsored Chinese hackers had infiltrated critical US infrastructure networks.
"This is an extremely unprofessional report with a missing chain of evidence, this is just scissors-and-paste work," foreign ministry spokeswoman Mao Ning said.
The allegations were "a collective disinformation campaign of the Five Eyes coalition countries", she said.
In a report Wednesday, Microsoft highlighted Guam, a US territory in the Pacific Ocean with a vital military outpost, as one of the targets of the allegedly Chinese state-backed hackers.
But, it said, "malicious" activity had also been detected elsewhere in the United States.
The stealthy attack -- carried out by a China-sponsored actor dubbed "Volt Typhoon" since mid-2021 -- enabled long-term espionage and was likely aimed at hampering the United States in the event of a conflict, it said.
The claims were echoed by the United States and its allies in the Five Eyes security alliance -- Australia, Canada, New Zealand and the United Kingdom -- accusations Beijing denied on Thursday.
The United States, Mao said, "was expanding new channels for disseminating disinformation".
"But no change in tactics can alter the fact that the US is a hacker empire," she said.