- Chinese state-backed hackers have compromised “critical” cyber infrastructure in a range of industries, including government and communications organizations, Microsoft said on Wednesday.
- The hacker group is called “Volt Typhoon” and has been in operation since 2021.
- Affected parties have already been notified.
A sign for Microsoft Corp. at the company’s office in the central business district of Lisbon, Portugal, on Tuesday, December 27, 2022.
Zed Jameson | Bloomberg | Getty Images
Microsoft warned on Wednesday that Chinese state-sponsored hackers had compromised “critical” US cyber infrastructure across a range of industries with a focus on gathering intelligence.
The Chinese hacker group, codenamed “Volt Typhoon,” has been operating since mid-2021, Microsoft said in an advisory. The organization is apparently working to disrupt “critical communications infrastructure between the United States and Asia,” Microsoft said, to hinder efforts during “future crises.”
The attack is apparently ongoing. In an advisory, Microsoft urged affected customers to “close or change credentials for all compromised accounts.”
US intelligence agencies became aware of the intrusion in February, around the same time a Chinese spy balloon was shot down, the New York Times reported.
The infiltration focused on communications infrastructure in Guam and other parts of the US, the Times reported, and was particularly alarming to US intelligence because Guam sits at the heart of a US military response in the event of an invasion of Taiwan.
Volt Typhoon is able to infiltrate organizations by exploiting an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacker group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems.
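The pattern described above, a stolen credential being reused against one internal system after another, is something defenders can look for in their own authentication logs. The following script is an added illustration, not code from Microsoft's advisory or from the article: it parses a small set of constructed logon records (the log format, host names, account names and the thresholds of three hosts per one-hour window are all assumptions made up for this example) and flags any account that successfully logs on to an unusually large number of distinct hosts in a short time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): successful and failed logons,
# each with the account, source address and destination host. One service
# account fans out to several hosts within a few minutes.
SAMPLE_LOG = """\
2023-05-24T09:58:10Z user=alice src=10.0.5.21 dst=ws-021 result=success
2023-05-24T10:01:02Z user=svc_backup src=10.0.1.5 dst=fileserver01 result=success
2023-05-24T10:03:40Z user=svc_backup src=10.0.1.5 dst=dc01 result=success
2023-05-24T10:05:15Z user=svc_backup src=10.0.1.5 dst=mail01 result=failure
2023-05-24T10:06:50Z user=svc_backup src=10.0.1.5 dst=mail01 result=success
2023-05-24T10:09:31Z user=svc_backup src=10.0.1.5 dst=db01 result=success
2023-05-24T10:12:00Z user=bob src=10.0.5.44 dst=ws-044 result=success
2023-05-24T14:30:00Z user=alice src=10.0.5.21 dst=fileserver01 result=success
"""

# Assumed key=value log layout; adapt the pattern to your own log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)"
    r"\s+dst=(?P<dst>\S+)\s+result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect_credential_spread(log_text, max_hosts=3, window=timedelta(hours=1)):
    """Return {account: sorted hosts} for every account that successfully
    logged on to more than `max_hosts` distinct destinations within any
    sliding time window of length `window`."""
    events = defaultdict(list)  # account -> [(timestamp, destination host)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "success":
            events[rec["user"]].append((rec["ts"], rec["dst"]))

    findings = {}
    for user, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            hosts = {dst for _, dst in evs[start:end + 1]}
            if len(hosts) > max_hosts:
                findings[user] = sorted(hosts)
    return findings


if __name__ == "__main__":
    for account, hosts in detect_credential_spread(SAMPLE_LOG).items():
        print(f"{account}: reached {len(hosts)} hosts within one hour: {hosts}")
```

On the constructed data only `svc_backup` is flagged; `alice` also reaches two hosts, but hours apart, so she stays below the threshold. Such a hit is a prompt for investigation rather than proof of compromise, which is why the account's normal behaviour (backup jobs legitimately touch many hosts) should set the per-account threshold.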
The state-sponsored hackers are not out to cause disruption yet, Microsoft said. Rather, “the threat actor intends to conduct espionage and maintain access undetected for as long as possible.”
Infrastructure in nearly every critical sector has been affected, Microsoft said, including the communications, transportation and maritime industries. Public organizations were also targeted.
Chinese government-backed hackers have previously targeted critical and sensitive information from US companies. Covington and Burling, a prominent law firm, was hacked by suspected Chinese state-backed hackers in 2020.