Chinese Hackers Spying on Critical U.S. Infrastructure
Saturday, 27 May 2023
State-sponsored Chinese hackers have been found to be spying on critical U.S. infrastructure, and Microsoft has warned that similar activity could be occurring across the Five Eyes. Additionally, the United States Department of State believes that China is capable of disrupting oil and gas pipelines, along with rail systems, should it choose to launch such cyberattacks.
"The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon," reads a statement collectively released by the FBI, NSA, CISA, and Five Eyes partners.
In a separate statement, Microsoft said that the company "assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises."
Microsoft goes on to say that Volt Typhoon has been active since mid-2021, and that "in this campaign, the affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behaviour suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."
The Microsoft advisory stated that the hackers were "living off the land", relying on the victim's existing infrastructure and taking advantage of built-in network tools to blend in with normal Windows system activity. It also warned that the group could make use of legitimate system administration commands that appear "benign". In addition, Volt Typhoon has been found to be targeting routers, firewalls, and VPN appliances in order to make its malicious activity blend in with legitimate network traffic and so avoid detection.
The US Cybersecurity and Infrastructure Security Agency (CISA) said it was working to understand "the breadth of potential intrusions and associated impacts". Doing so will help the agency "provide assistance where needed, and more effectively understand the tactics undertaken by this adversary," said CISA's executive assistant director, Eric Goldstein. "Many traditional methods of detection, such as antivirus, will not find these intrusions."
In a press briefing on Thursday, State Department spokesperson Matthew Miller said that "the US intelligence community assesses that China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems. It's vital for government and network defenders in the public to stay vigilant."