Microsoft has revealed that China-sponsored hackers have been targeting the US cyberinfrastructure via the American island territory of Guam.
Chinese hacker group Volt Typhoon, an active espionage agent since 2021, has been conducting malicious cyber activities via Guam, the tech major revealed in a cyber alert yesterday (May 24). The island territory, located 2,491 kilometers east of the Philippines, hosts three critical US military bases.
The “observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft said.
This is called the living-off-the-land technique in the world of espionage. It involves blending into normal network activity by routing traffic through compromised network equipment such as routers, firewalls, and VPN hardware.
Affected US organizations include those in the communication, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Amid the ongoing hacking attacks, Microsoft has asked entities that suspect their accounts have been affected to “close or change” them.
US intelligence agencies began receiving leads on the attacks in February, soon after the US military downed a Chinese spy balloon flying just off the coast of South Carolina.
Now, the US National Security Agency has sent a cyber defense advisory to cyber security agencies, explaining how they should respond.
China’s “aggressive cyber operations” aim to “steal intellectual property and sensitive data from organizations around the globe,” according to a press statement by Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency. This is something the US has accused China of for years.
“The FBI continues to warn against China engaging in malicious activity with the intent to target critical infrastructure organizations and use identified techniques to mask their detection,” Bryan Vorndran, assistant director of the Federal Bureau of Investigation’s cyber division, said in the same statement.
Beijing, meanwhile, has called Microsoft’s report “highly unprofessional” and a source of disinformation.
The report itself is based on cyber reporting by the Five Eyes alliance, which comprises agencies of the US, UK, Canada, Australia, and New Zealand.
That makes the matter all the more pertinent. “There’s significant concern over what this attack might be a precursor to in terms of the intent behind it, and the sabotage element here,” Jamie Norton, a partner at restructuring and advisory firm McGrathNicol, told the BBC.