China-sponsored cyber actor targeting critical US infrastructure, say intelligence agencies

NSA officials say a Chinese state-sponsored cyber actor is trying to target networks across US critical infrastructure. PHOTO: REUTERS

WASHINGTON - A state-sponsored Chinese hacking group has been spying on a wide range of US critical infrastructure organisations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said on Wednesday.

The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding “mitigating this attack could be challenging”.

It was not immediately clear how many organisations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and Britain, as well as the US Federal Bureau of Investigation to identify breaches.

While Chinese hackers are known to spy on Western countries, this is one of the largest known cyber-espionage campaigns against American critical infrastructure.

“A PRC (People’s Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,” NSA cyber-security director Rob Joyce said in a statement.

Such “living off the land” spy techniques are harder to detect as they use “capabilities already built into critical infrastructure environments”, he added.

Reacting to the report, China accused the US and its allies of waging a “disinformation campaign”. 

“This is an extremely unprofessional report with a missing chain of evidence. This is just scissors-and-paste work,” the Foreign Ministry’s spokesman Mao Ning said, claiming the allegations were “a collective disinformation campaign of the Five Eyes coalition countries”, an intelligence alliance between the US, Britain, Canada, Australia and New Zealand. 

Microsoft analysts said they had “moderate confidence” that this Chinese group, which Microsoft dubbed Volt Typhoon, was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

“It means they are preparing for that possibility,” said Mr John Hultquist, who heads threat analysis at Google’s Mandiant Intelligence.

The Chinese activity is also unique and worrying because analysts do not yet have enough visibility into what this group might be capable of, he added.

“There is greater interest in this actor because of the geopolitical situation.”

Rather than using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region.

It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Mr Bart Hoogeveen, a senior analyst at the Australian Strategic Policy Institute who specialises in state-sponsored cyber attacks in the region, said the submarine cables made Guam “a logical target for the Chinese government” to seek intelligence.

“There is high vulnerability when cables land on shore,” he said.

Security analysts expect that Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” Mr Paul Chichester, director at Britain’s National Cyber Security Centre, said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.

New Zealand said it would work towards identifying any such activity in its country.

“It’s important for the national security of our country that we’re transparent and upfront with Australians about the threats that we face,” Australia’s Minister for Home Affairs and Cyber Security Clare O’Neil said.

Canada’s cyber-security agency separately said it had no reports of Canadian victims of this hacking as yet. “However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”

Britain similarly warned that the techniques used by the Chinese hackers on US networks could be applied worldwide. REUTERS
