A Chinese state-sponsored hacking group, Volt Typhoon, has been accused of carrying out cyberespionage operations on US targets.
The US State Department has warned that China is capable of launching cyberattacks against critical US infrastructure, including oil and gas pipelines as well as rail systems, after researchers discovered that a Chinese hacking group was spying on such networks.
A multi-agency alert earlier this week revealed that the Chinese cyber espionage campaign was targeting military and government organizations in the United States.
“The US intelligence community assesses that China is nearly capable of conducting cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems,” State Department spokesman Matthew Miller said at a briefing Thursday.
“It is essential for government and network advocates in the public to remain vigilant,” he said.
The spying group — dubbed “Volt Typhoon” by Microsoft — was the subject of an alert issued by cybersecurity and intelligence agencies in the United States, Australia, Canada, New Zealand and the United Kingdom – known as the “Five Eyes” – on Wednesday.
Microsoft researchers said Volt Typhoon is developing capabilities that “could disrupt critical communications infrastructure between the United States and the Asian region during future crises” – a reference to escalating tensions between China and the United States over Taiwan and other issues.
Microsoft said the Volt Typhoon campaign relied on “living off the land” techniques, in which the intruders drive the administrative tools already present on a system rather than installing their own malware, so there are few new files for defenders to find. The tech giant said Volt Typhoon blends in with normal network activity by routing its traffic through compromised small office and home office networking devices such as routers, firewalls and VPN hardware, making it extremely difficult to detect.
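As an added illustration, not code from the article, Microsoft or CISA, the following Python sketch shows the kind of behavioural check that can surface living-off-the-land activity where signature-based antivirus sees nothing to flag: it scans process-creation events for built-in Windows tools being used in ways administrators rarely use them (a netsh port proxy, an offline copy of the domain database, a registry hive export) and for command shells launched by parents that should not launch them. The event format, hostnames, command lines and the indicator patterns are all constructed assumptions for this example, not observations from the campaign the article describes.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (Sysmon Event ID 1 / Windows 4688 style),
# flattened to the four fields the checks below need. Hostnames and commands are invented.
SAMPLE_EVENTS = [
    {"host": "dc01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"host": "web01", "parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c netsh interface portproxy add v4tov4 listenport=9999 "
                "connectaddress=10.0.0.5 connectport=443"},
    {"host": "dc01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil.exe "ac i ntds" ifm "create full C:\temp\x" q q'},
    {"host": "ws07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c netsh wlan show profiles"},
    {"host": "ws07", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"host": "dc01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg.exe save hklm\sam C:\Windows\Temp\sam.hiv"},
    {"host": "ws07", "parent": r"C:\Windows\System32\taskeng.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
]

# Illustrative indicator set for abuse of built-in tools (an assumption chosen for this
# example, not a list from the article or any vendor advisory). Each entry is
# (rule name, case-insensitive regex over the command line, severity).
CMDLINE_RULES = [
    ("netsh_portproxy", r"\bnetsh\b.*\bportproxy\b.*\badd\b", "high"),        # built-in traffic relay
    ("ntdsutil_ifm", r"\bntdsutil(\.exe)?\b.*\bifm\b", "high"),               # offline copy of AD database
    ("reg_sam_export", r"\breg(\.exe)?\s+save\s+(hklm|hkey_local_machine)\\(sam|security|system)\b", "high"),
    ("wmic_shadowcopy", r"\bwmic\b.*\bshadowcopy\b", "high"),                 # volume shadow copy via WMI
    ("wmic_remote_exec", r"\bwmic\b.*/node:.*\bprocess\b.*\bcall\b.*\bcreate\b", "medium"),
    ("ps_encoded", r"\bpowershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b", "medium"),
]

# Parent/child pairs that are rarely legitimate: a shell spawned by a web server worker
# or by the WMI provider host (the latter is what remote WMI command execution looks like).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
SUSPICIOUS_PARENTS = {"w3wp.exe", "wmiprvse.exe"}


@dataclass
class Finding:
    host: str
    rule: str
    severity: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\x\\cmd.exe' -> 'cmd.exe')."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(events) -> list:
    """Return one Finding per matched rule; an event can trigger several."""
    findings = []
    for ev in events:
        cmd = ev["cmdline"]
        for name, pattern, severity in CMDLINE_RULES:
            if re.search(pattern, cmd, re.IGNORECASE):
                findings.append(Finding(ev["host"], name, severity, cmd))
        parent, child = basename(ev["parent"]), basename(ev["image"])
        if child in SHELLS and parent in SUSPICIOUS_PARENTS:
            findings.append(Finding(ev["host"], f"lineage:{parent}->{child}", "medium", cmd))
    return findings


def hosts_with_high(findings) -> set:
    """Hosts with at least one high-severity finding, i.e. where to start triage."""
    return {f.host for f in findings if f.severity == "high"}


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] {f.host:6} {f.rule:28} {f.cmdline}")
    print("hosts needing triage:", sorted(hosts_with_high(SAMPLE_EVENTS and analyze(SAMPLE_EVENTS))))
```

Over the constructed events the checks flag the port proxy and the shell spawned under the web server on web01, the ntdsutil and reg exports on dc01, and the WMI-spawned shell on ws07, while leaving the routine svchost, netsh wlan and scheduled PowerShell events alone. The point is the shape of the check, not the specific regexes: because the binaries involved are signed Windows components, a file-based scanner has nothing to condemn, and only the command line and the process lineage distinguish the intrusion from administration.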
Microsoft said the hacking group targeted critical infrastructure organizations in the US Pacific territory of Guam, adding that security firm Fortinet’s FortiGuard hardware was misused by Volt Typhoon to break into its targets.
The US Cybersecurity and Infrastructure Security Agency (CISA) said separately that it was working to understand the “breadth of potential intrusions and their associated impacts”.
This will help the agency “provide assistance when needed, and more effectively understand the tactics this adversary is taking,” Eric Goldstein, CISA’s executive assistant director for cybersecurity, told the Reuters news agency.
“Many traditional detection methods, such as antivirus software, will not find these intrusions.”
Researcher Marc Burnard, whose organization Secureworks has dealt with several Volt Typhoon-related intrusions, said Secureworks saw no evidence of destructive activity by Volt Typhoon but that its operators focused on stealing information that would “shed light on US military activities.”
The Chinese government described the joint warning issued this week by the United States and its allies as a “mass disinformation campaign”.
Chinese Foreign Ministry spokesman Mao Ning told reporters that the Five Eyes alerts were intended to promote their intelligence alliance and that Washington was responsible for the hacking.
“This is a very unprofessional report with a missing chain of evidence. This is just scissors and paste work,” Mao said.
She said, “The United States is a hacking empire.”