The Limited Times


Microsoft Unveils Chinese Computer Attack on U.S. Critical Infrastructure

2023-05-24T21:39:30.055Z

Highlights: Microsoft warns of an attack by state-backed Chinese hackers on critical U.S. communications infrastructure. Microsoft detected this intrusion into its systems with the help of US intelligence services. Some of the compromised systems operated in Guam, in the Western Pacific, where the United States has a key base of possible support for Taiwan. Microsoft assesses with "moderate confidence" that this campaign of the group called Volt Typhoon seeks to develop capabilities that could disrupt critical communications infrastructures during future crises. For now, the intrusion has been done only for espionage.


Security and intelligence agencies from the United States, United Kingdom, Australia and New Zealand have participated in the investigation.


Microsoft's headquarters in Redmond, Washington, in a file image. Ted S. Warren (AP)

Microsoft raised the alarm on Wednesday by warning of an attack by state-backed Chinese hackers on critical U.S. communications infrastructure. Microsoft detected this intrusion into its systems with the help of US intelligence services. The fact that some of the compromised systems operated in Guam, in the Western Pacific, where the United States has a key base of possible support for Taiwan, has only heightened concerns.

The company disclosed its discovery in a detailed post that includes lines of code and abundant information about the attack. Its explanations allow readers to take precautions to avoid becoming victims of the attack. "Microsoft has discovered stealthy and targeted malicious activity focused on credential access following the breach and discovery of network systems targeting critical infrastructure organizations in the United States," the message begins. "The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and intelligence gathering."

Microsoft assesses with "moderate confidence" that this campaign of the group called Volt Typhoon seeks to develop capabilities that could disrupt critical communications infrastructures between the United States and the Asian region during future crises, according to its information. For now, the intrusion has been done only for espionage and no sabotage or other damage has occurred.

The National Security Agency (NSA) has also released a 24-page report explaining the methods used by the group allegedly backed by the Chinese government. The report notes that security and intelligence agencies from the United States, Australia, New Zealand and the United Kingdom have been working on the investigation.

Secret operation

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, affected organizations span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors. "The observed behavior suggests that the threat actor intends to perform espionage and maintain undetected access for as long as possible," Microsoft explains.

To achieve their goal, the Volt Typhoon group placed a strong emphasis on the stealth of their operation, relying almost exclusively on techniques that were very difficult to detect. Group members issue commands over the command line to collect data, including local and network system credentials, place the data in an archive file to prepare it for extraction, and then use the stolen valid credentials to maintain the intrusion, according to Microsoft's summary.

In addition, Volt Typhoon attempts to camouflage itself in normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN (virtual private network) hardware. The group has also been observed using customized versions of open source tools to establish a command and control channel over a proxy to further avoid notice, Microsoft continues.

As with any observed activity by a national actor, Microsoft has directly notified affected or compromised customers, providing them with important information needed to protect their environments.


Source: elparis
