Volt Typhoon, a Chinese state-sponsored threat actor, might be on a mission to disrupt critical communication infrastructure between the US and Asia during future crises, Microsoft said “with moderate confidence” on Wednesday.
The Microsoft report was accompanied by the joint Cybersecurity Advisory written by the United States National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the FBI, among other agencies, to “help net defenders hunt for this activity on their systems”.
“One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives,” the advisory reads.
Active since mid-2021, Volt Typhoon focuses on espionage and maintaining access without being detected for as long as possible. It has targeted critical infrastructure organizations in Guam – a US island territory in the Western Pacific – and elsewhere in the US.
“In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” Microsoft said.
The threat actor gains initial access through internet-facing Fortinet FortiGuard devices. It blends in with normal Windows system and network activity to avoid detection. Once inside the network, Volt Typhoon conducts hands-on-keyboard activity, some of which “appears to be exploratory or experimental”.
“The empire of hacking”
According to Reuters, the Chinese foreign ministry spokesperson Mao Ning said on Thursday that the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, a reference to the intelligence-sharing alliance made up of the US, Canada, New Zealand, Australia, and the UK.
Mao said the campaign was launched by the US for geopolitical reasons and that the report from Microsoft analysts showed that the US government was expanding its channels of disinformation beyond government agencies.
"But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking," she told a regular press briefing in Beijing.