Microsoft claims a state-sponsored hacking group from China is preparing to disrupt key US infrastructure. The company says the group is positioning itself to attack communications during a future crisis.
Cybersecurity researchers from Microsoft now claim to have uncovered a state-sponsored hacking group backed by China. According to the researchers, these hackers have for the past two years been actively targeting critical infrastructure organizations in the United States.
The Microsoft researchers say the group, which they call Volt Typhoon, has for some time focused on espionage and information gathering, with the aim of developing capabilities that could disrupt critical communications infrastructure between the United States and Asia during a future crisis.
The US and China Relations
The US and China are currently in disagreement over the future of Taiwan, with many media outlets claiming that China is preparing for a full-scale invasion of the island. US president Joe Biden has recently stated, on several occasions, that the US is ready to defend Taiwan with military force if the need arises.
Taiwan, among many other things, is one of the biggest manufacturers of semiconductors in the world.
The Group Has Been Operating Since Mid-2021
Microsoft claims that since mid-2021 the group has been actively targeting organizations in communications, utilities, manufacturing, construction, transportation, government, maritime, information technology, and education, both in Guam and elsewhere in the United States.
Guam is an unincorporated territory of the United States in the Micronesia sub-region of the western Pacific Ocean, and is therefore relatively close to Taiwan.
How the Group Operated
To carry out espionage and intelligence gathering while remaining undetected for as long as possible, the group reportedly relied on specific tactics, Microsoft states, including living-off-the-land techniques and hands-on-keyboard activity.
Among other things, the group reportedly stole login credentials from local and network systems and then tried to exfiltrate sensitive data while blending into normal network activity. It did so by routing traffic through compromised small office and home office network equipment such as routers, firewalls, and VPN hardware.
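As an added illustration, not code from this article or from Microsoft's report, the Python script below shows how a defender can flag the two living-off-the-land behaviours described above, credential theft from local systems and proxying traffic through a host, in process-creation logs. The log format, host names, users and every log line are constructed for the example, and the command-line patterns are generic, publicly documented living-off-the-land detection rules rather than indicators taken from the Volt Typhoon report.

```python
"""Flag living-off-the-land (LOTL) credential-access and proxy activity in
process-creation logs.  Illustrative only: the log lines are constructed and
the rules are generic, publicly documented LOTL detections, not indicators
from Microsoft's Volt Typhoon report."""
import re
from dataclasses import dataclass

# Constructed sample log lines in a simple "ts|host|user|image|command_line" format.
SAMPLE_LOGS = """\
2023-05-24T10:01:02Z|WS01|corp\\alice|C:\\Windows\\System32\\cmd.exe|cmd /c dir
2023-05-24T10:05:17Z|DC01|corp\\svc_backup|C:\\Windows\\System32\\ntdsutil.exe|ntdsutil "ac i ntds" ifm "create full C:\\temp\\x" q q
2023-05-24T10:06:40Z|WS02|corp\\bob|C:\\Windows\\System32\\reg.exe|reg save hklm\\sam C:\\temp\\sam.hiv
2023-05-24T10:09:03Z|WS02|corp\\bob|C:\\Windows\\System32\\netsh.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.1.2.3 connectport=8443
2023-05-24T10:12:55Z|WS03|corp\\carol|C:\\Windows\\System32\\rundll32.exe|rundll32 C:\\Windows\\System32\\comsvcs.dll MiniDump 624 C:\\temp\\l.dmp full
2023-05-24T10:15:00Z|WS01|corp\\alice|C:\\Windows\\System32\\netsh.exe|netsh interface show interface
"""

# Each rule: (name, technique label, regex applied to the command line).
# These are well-known LOTL patterns an analyst would expect to be rare on a
# normal workstation; tune the allow-list for backup and admin hosts.
RULES = [
    ("ntdsutil_ifm_dump", "credential-access",
     re.compile(r"ntdsutil.*\bntds\b.*\bifm\b", re.I)),
    ("reg_save_sam_security", "credential-access",
     re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|security|system)\b", re.I)),
    ("comsvcs_minidump", "credential-access",
     re.compile(r"comsvcs\.dll.*\bminidump\b", re.I)),
    ("netsh_portproxy", "proxy/tunnel",
     re.compile(r"netsh\s+interface\s+portproxy\s+add\b", re.I)),
]


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    rule: str
    technique: str
    command_line: str


def parse_line(line):
    """Split one pipe-delimited log line into fields; return None if malformed."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "host", "user", "image", "command_line"), parts))


def scan(log_text):
    """Run every rule over every parsable log line and collect the hits."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        for name, technique, pattern in RULES:
            if pattern.search(ev["command_line"]):
                findings.append(Finding(ev["ts"], ev["host"], ev["user"],
                                        name, technique, ev["command_line"]))
    return findings


def summarize(findings):
    """Group techniques per host so a machine that both dumps credentials and
    sets up a proxy stands out from a one-off admin action."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.technique)
    return by_host


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for f in hits:
        print(f"{f.ts} {f.host} {f.user} [{f.technique}] {f.rule}: {f.command_line}")
    print(summarize(hits))
```

Run on the constructed sample, the script reports four hits and shows WS02 combining credential access with a port proxy, which is the kind of pairing worth escalating; the plain `netsh interface show interface` and `cmd /c dir` lines produce no alert.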
How the Group Infiltrated Systems
For initial access, the group made use of a zero-day vulnerability in internet-facing Fortinet FortiGuard devices.
“As with any observed nation-state actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments,” the company revealed.