Chinese Hackers ‘Spying on Critical US Services, Guam’

Western intelligence agencies and Microsoft say a state-sponsored group had been assessing telecom, transport and other critical organisations in the US and on Guam in the Pacific


Chinese hackers have been spying on critical infrastructure in the US, as well as facilities in Guam, the US island in the Pacific, cyber experts said on Wednesday. Reuters photo.

 

A Chinese hacking group has been spying on a wide range of critical infrastructure in the United States, including the US island of Guam in the Pacific.

Western intelligence agencies and Microsoft said on Wednesday a state-sponsored group had been assessing organizations ranging from telecommunications to transportation hubs.

While both China and the US routinely spy on each other, it was one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure, analysts said.

The espionage has also targeted Guam, which is home to strategically important American military bases, Microsoft said in a report, adding that “mitigating this attack could be challenging.”


‘Developing capacity to hit infrastructure’

It was not immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation to identify breaches.

Canada, UK, Australia and New Zealand warned they could be targeted by the hackers too.

Microsoft analysts said they had “moderate confidence” this Chinese group, which they dubbed ‘Volt Typhoon’, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

“It means they are preparing for that possibility,” said John Hultquist, who heads threat analysis at Google’s Mandiant Intelligence.

The Chinese activity is unique and worrying also because analysts don’t yet have enough visibility on what this group might be capable of, he added.

“There is greater interest in this actor because of the geopolitical situation.”

One of the US bases on Guam, which is east of the Philippines.

Companies urged to check for cyber intrusions

The Chinese embassy in Washington did not immediately respond to a request for comment.

As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.

Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” Paul Chichester, director at the UK’s National Cyber Security Centre said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using “built-in network tools to evade our defences and leaving no trace behind.” Such techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.

The submarine cables that reach Guam make it “a logical target for the Chinese government” to seek intelligence, one analyst said.

Tricks used to download malicious files

Microsoft said that, rather than using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, this group infects a victim’s existing systems to find information and extract data.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Bart Hogeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the submarine cables made Guam “a logical target for the Chinese government” to seek intelligence.

“There is high vulnerability when cables land on shore,” he said.

New Zealand said it would work towards identifying any such malicious cyber activity in its country.

“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face,” Australia’s Minister for Home Affairs and Cyber Security Clare O’Neil said.

Canada’s cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. “However, Western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”

 

  • Reuters with additional editing by Jim Pollard

 


Jim Pollard

Jim Pollard is an Australian journalist based in Thailand since 1999. He worked for News Ltd papers in Sydney, Perth, London and Melbourne before travelling through SE Asia in the late 90s. He was a senior editor at The Nation for 17+ years.