BOSTON — State-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for a potential disruption of critical communications between the U.S. and Asia during future crises, Microsoft said.
The targets include sites in Guam, where the U.S. has a major military presence, the company said.
Hostile activity in cyberspace — from espionage to the advanced positioning of malware for potential future attacks — has become a hallmark of modern geopolitical rivalry.
Microsoft said in a blog post that the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021. It said organizations affected by the hacking — which seeks persistent access — are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors.
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity.”
A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen an uptick in targeting of critical infrastructure in Guam or at adjacent U.S. military facilities there, which include a major air base.
Read More: How the U.S. Is Spearheading Efforts to Thwart Chinese Cybercrime
John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “potentially a really important finding.”
“We don’t see a lot of this sort of probing from China. It’s rare,” Hultquist said….
