Microsoft officials on Wednesday issued an advisory saying a Chinese hacking group focused on gathering intelligence had compromised “critical” U.S. cyber infrastructure, and urged customers to close exposed accounts or change their credentials.
“Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States,” the company said in a blog post.
According to Microsoft, the Chinese state-sponsored hacking group Volt Typhoon, which typically focuses on espionage, allegedly compromised U.S. critical infrastructure across numerous industries, positioning itself to disrupt “critical communications infrastructure between the United States and Asia” during “future crises.”
The sectors affected by the ongoing campaign include communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.
“The threat actor intends to perform espionage and maintain access without being detected for as long as possible” rather than creating an immediate disruption.
Volt Typhoon gains initial access to organizations by identifying previously unknown vulnerabilities in a cybersecurity suite called FortiGuard, according to Microsoft. Once inside a system, the hackers steal user credentials and use them to move laterally to other corporate systems.
The National Security Agency detailed how the threat actors avoid detection through “living off the land” techniques, in which their tactics, techniques, and procedures rely on built-in network administration tools already present on victim systems rather than on tooling that would stand out. The agency also instructed cybersecurity teams on how to respond to the intrusion in a bulletin issued Wednesday.
Cybersecurity and Infrastructure Security Agency officials warned in a joint statement with international and domestic intelligence services that China poses a risk to American intellectual property.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” CISA director Jen Easterly said in a statement.
American intelligence agencies and Microsoft detected that the Chinese hacking group had installed mysterious computer code in telecommunications systems in Guam and other parts of the U.S. in February, around the time the military shot down a Chinese spy balloon off the coast of South Carolina, according to The New York Times.
U.S. companies holding classified information have been targeted by Chinese government-backed hackers, CNBC reported. Suspected Chinese state-sponsored hackers compromised the law firm Covington & Burling in 2020.