US, Microsoft warn against Chinese hackers attacking ‘critical’ infrastructure

The United States, its Western allies, and Microsoft announced Wednesday that state-sponsored Chinese hackers had compromised critical U.S. infrastructure networks and warned that similar espionage attacks could occur around the world.

Microsoft highlighted Guam, a US territory in the Pacific Ocean with a key military outpost, as one of its targets, but said it also detected “malicious” activity elsewhere in the US.

The stealth attack, carried out by China-backed attackers dubbed the “Bolt Typhoon” from mid-2021, will enable long-term espionage operations and aims to thwart the United States in the event of a conflict in the region. The paper said it likely did.

“Microsoft has some confidence that this Bolt Typhoon campaign seeks to develop capabilities that could disrupt critical telecommunications infrastructure between the United States and the Asian region in the event of a future crisis. We appreciate it,” he said in a statement.

“Organizations affected by this campaign span the telecommunications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors.”

Microsoft’s statement comes alongside advisories issued by authorities in the United States, Australia, Canada, New Zealand and the United Kingdom warning that hacking is likely occurring on a global scale.

“This activity impacted networks in critical infrastructure areas in the United States, and the authors believe attackers may apply the same techniques to these areas and other areas around the world. there is,” he said.

“Living on land”

The United States and its allies said the campaign included “living off the land” tactics that make use of built-in networking tools that blend into regular Windows systems.

He warned that the hack could include legitimate system administration commands that appear “harmless.”

Microsoft said the Bolt Typhoon attack tried to blend in with normal network activity by routing traffic through compromised small office and home office network equipment such as routers, firewalls and VPN hardware. said.

“They have also been observed using custom versions of open source tools,” Microsoft said.

Microsoft and security agencies have released guidelines to help organizations detect and combat hacks.

“This is what I call slow and slow cyber activity,” said Alastair McGibbon, chief strategy officer at CyberCX Australia and former director of the Australian Cyber ​​Security Center.

“He’s in a camouflage vest and has a sniper rifle. He’s invisible, he’s not there,” he told AFP.

“When you think about what can really cause catastrophic harm, it’s someone who has the intention and takes the time to get into your system.”

Cyber ​​attackers can steal information once they get in, he said. “But it also gives us the ability to perform destructive acts at a later stage.”

“very sophisticated”

Since the Bolt Typhoon alert was issued, many other governments have also spotted similar activity, said Robert Potter, co-founder of Australian cybersecurity firm Internet 2.0.

“We don’t know how the telecommunications infrastructure would be compromised by these attacks, as these networks are highly resilient and difficult to bring down for more than a short period of time,” Potter told AFP.

“However, the ongoing threat posed by China-based Advanced Persistent Threat (APT) groups is real.”

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, said China has been stealing intellectual property and data around the world for years.

“Today’s recommendations, issued jointly with the United States and international partners, reflect just how sophisticated China is using to target our nation’s critical infrastructure,” Easterly said.

China did not immediately respond to the allegations. However, it has always denied carrying out state-sponsored cyberattacks.

Meanwhile, China regularly accuses the United States of cyber espionage.

https://www.voanews.com/a/u-s-microsoft-warn-chinese-hackers-attacking-critical-infrastructure/7108451.html US, Microsoft warn against Chinese hackers attacking ‘critical’ infrastructure

Exit mobile version