AP

Microsoft: State-sponsored Chinese hackers could be laying groundwork for disruption

May 25, 2023, 5:45 AM | Updated: 6:59 am


FILE - A security surveillance camera is seen near the Microsoft office building in Beijing, July 20, 2021. State-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises, Microsoft said Wednesday, May 24, 2023. (AP Photo/Andy Wong, File)

State-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises, Microsoft said Wednesday.

The targets include sites in Guam, where the U.S. has a major military presence, the company said.

Hostile activity in cyberspace — from espionage to the advanced positioning of malware for potential future attacks — has become a hallmark of modern geopolitical rivalry.

Microsoft said in a blog post that the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021. It said organizations affected by the hacking — which seeks persistent access — are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors.

Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and their counterparts from Australia, New Zealand, Canada and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity.”

A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen an uptick in targeting of critical infrastructure in Guam or at adjacent U.S. military facilities there, which include a major air base.

John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “potentially a really important finding.”

“We don’t see a lot of this sort of probing from China. It’s rare,” Hultquist said. “We know a lot about Russian and North Korean and Iranian cyber-capabilities because they have regularly done this.” China has generally withheld use of the kinds of tools that could be used to seed, not just intelligence-gathering, but tools for disruptive attacks, he added.

Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers.

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” said CISA Director Jen Easterly, urging mitigation of affected networks to prevent possible disruption. Bryan Vorndran, the FBI cyber division assistant director, called the intrusions “unacceptable tactics” in the same statement.

Tensions between Washington and Beijing — which the U.S. national security establishment considers its main military, economic and strategic rival — have been on the rise in recent months.

Those tensions spiked last year after then-House Speaker Nancy Pelosi’s visit to democratically governed Taiwan, leading China, which claims the island as its territory, to launch military exercises around Taiwan.

U.S.-China relations became further strained earlier this year after the U.S. shot down a Chinese spy balloon that had crossed the United States.

 
