Chinese hackers are spying on America’s critical infrastructure

A group of Chinese state-sponsored hackers have been spying on critical infrastructure in the United States and their espionage activities could be happening on a global scale.

The National Security Agency and a group of allied Western intelligence partners issued a Joint Cybersecurity Advisory on May 24th warning of Chinese-backed hacking activity. 

“Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure,” said Jen Easterly, the Director of (CISA)

In the advisory, western intelligence agencies warned that a state-sponsored group of hackers known as Volt Typhoon had accessed America’s critical infrastructure sectors. 

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” said Paul Chichester, the Director of Operations for the NCSC. 

The western intelligence agencies said private sector partners had identified the activity and warned Volt Typhoon could target other critical infrastructure sectors worldwide. 

Microsoft was the private sector partner that first identified the malicious hacking activity and issued its own statement explaining the situation and what Volt Typhoon accessed. 

Volt Typhoon was likely looking to develop the ability to disrupt critical communications infrastructure between the U.S. and Asia in the event of a crisis according to Microsoft. 

A variety of organizations fell victim to the hacking groups campaign and Microsoft said that the communication, manufacturing, utility, and transportation sectors were affected. 

Maritime, government, information technology, and education sectors were accessed as well and Microsoft said it chose to highlight the activity over concerns it would affect customers, adding that "detecting and mitigating this attack could be challenging."

Microsoft’s statement noted, “observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”

Chinese Foreign Ministry spokesperson Mao Ning called the allegations from western intelligence and Microsoft a “collective disinformation campaign” according to Reuters.

“It’s widely known that the Five Eyes is the world’s biggest intelligence association and the NSA the world’s biggest hacking group,” Ning told reporters at a press conference. 

“It is ironic that the Five Eyes jointly released a report filled with disinformation,” Ning added according to an English translation from the Chinese Ministry of Foreign Affairs. 

Mao went on to say that the involvement of a “certain company” showed that the United States expanded its channels for spreading disinformation and added that “whatever their subterfuge, it will not change the fact that the US is the champion of hacking.” 

Volt Typhoon has been active since mid-2021 according to Microsoft and noted that the group targeted critical infrastructure Guam, which is the home of several important military facilities that would be crucial during a crisis in Asia according to The Guardian.