By Frank Bajak - The Associated Press
BOSTON (AP) — Microsoft said Wednesday that hackers sponsored by China's government have been attacking critical U.S. infrastructure and may be laying the technical groundwork for a possible disruption of vital communications between the country and Asia during future crises.
The targets include facilities in Guam, where the U.S. has a significant military presence, the company said.
[China sentences 78-year-old American to life in prison for espionage]
Hostile activity in cyberspace — from espionage to pre-positioning malware for potential future attacks — has become a hallmark of modern geopolitical rivalry.
Microsoft noted in a blog post that the state-backed hacking group, which it refers to as Volt Typhoon, has been in operation since mid-2021. He added that some of the organizations affected by the hacks — which seek persistent access — include the telecommunications, manufacturing, utilities, transportation, construction, maritime, information technology and education sectors.
The Biden Administration turns on the alarms after alleged leak of classified documents
April 7, 202300:30
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency, and their counterparts from Australia, New Zealand, Canada and Britain, released a joint advisory sharing technical details about "the recently discovered cluster of activity."
A Microsoft spokesman declined to say why the tech giant made the announcement at this time or whether it has seen a recent uptick in attacks on vital infrastructure in Guam or adjacent U.S. military installations in the region, which include a major air force base.
John Hultquist, chief analyst for Google's Mandiant cybersecurity intelligence operation, said Microsoft's announcement was "arguably a really important finding."
[China warns of possibility of 'conflict' unless US changes course]
"We don't see many of these kinds of reports from China. They are unusual," he said. "We know a lot about the cyber capabilities of Russia and North Korea and Iran because they've been doing this on a regular basis." China has generally refrained from using the kind of tools that can be used to plant not only information-gathering capabilities, but also malware for damaging attacks during armed conflict, he said.
Microsoft said the raid campaign had "a strong emphasis on stealth" and attempted to blend in with normal network activity by hacking into small office network equipment, including routers. He said the intruders initially accessed through Fortiguard devices, which are designed to use machine learning to detect malware (malicious software).
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WQEEUVRP3BB57M7LND37U7VREE.png)
