Chinese hackers targeting critical U.S. infrastructure, Microsoft warns
A state-sponsored Chinese hacking group has been spying on a large number of critical infrastructure organizations in the U.S., Microsoft said on Wednesday.
State-sponsored hackers based in China have been working to compromise critical infrastructure in the U.S., Microsoft said on Wednesday. It’s thought the attacks could lead to the disruption of important communications between the U.S. and its interests in Asia during future crises.
Notable target sites include Guam, a small island in the Pacific with an important U.S. army base that could play an important role in any clash with China over Taiwan.
The malicious activity, which is believed to be ongoing, is apparently the work of Volt Typhoon, a group that’s been active since 2021 and typically focuses on espionage and information gathering. Microsoft became aware of the action in February, around the time when the Chinese spy balloon was brought down off the coast of South Carolina, according to a New York Times report.
Volt Typhoon’s efforts affect a large number of sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” the computer giant said.
The hacking group has been able to infiltrate targeted organizations using a vulnerability in a cybersecurity suite called FortiGuard, Microsoft explained. Once it’s managed to access the target’s system, it nabs user credentials from FortiGuard and then uses them in attempts to infiltrate other systems.
Microsoft said that as with any observed activity of this nature, it has directly notified targeted or compromised customers and provided them with the necessary instructions for securing their systems.
Jen Easterly, director of America’s cyber defense agency (CISA), said in a statement published on Wednesday: “For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe.”
Easterly added: “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity … We encourage all organizations to review the advisory, take action to mitigate risk, and report any evidence of anomalous activity. We must work together to ensure the security and resilience of our critical infrastructure.”