A Chinese government-sponsored hacking operation has targeted critical US infrastructure and could lay the technical foundations for the disruption of vital communications between the US and Asia in future crises, Microsoft said Wednesday.
Targets include facilities in Guam, where the United States maintains a significant military presence, the company said.
Hostile activity in cyberspace – from surveillance to the pre-positioning of malware for possible future attacks – has become a hallmark of today’s geopolitical rivalry.
Microsoft said in a blog post that the hacker group, which it calls Volt Typhoon, has been in operation since mid-2021. It added that some of the organizations affected by the campaign – which seeks persistent access – are in the telecommunications, manufacturing, utilities, transportation, construction, maritime, information technology, and education sectors.
Separately, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency, and their counterparts in Australia, New Zealand, Canada, and Great Britain issued a joint cybersecurity advisory about a “cluster of newly discovered activity.”
A Microsoft spokesman declined to say why the tech giant made the announcement at this time, or whether it has seen a recent spike in attacks on vital infrastructure in Guam or at adjacent US military installations in the region, including a major air force base.
John Hultquist, lead analyst for Mandiant, Google’s cybersecurity intelligence operation, said Microsoft’s announcement “may be an important discovery.”
“We don’t see many of these types of reports from China. They are unusual,” he said. “We know a lot about the cyber capabilities of Russia and North Korea and Iran because they have done this on a regular basis.” China has generally refrained from using the type of equipment that can be used to plant not only intelligence-gathering capabilities but also malware for damaging attacks in armed conflict, he said.
Microsoft said the campaign “strongly emphasized stealth” and tried to blend in with normal network activity by routing traffic through compromised small office and home office network equipment, including routers. It said the attackers initially gained access through internet-facing Fortinet FortiGuard devices, which are designed to use machine learning to detect malware.