A state-sponsored Chinese hacking group has been spying on a wide range of U.S. critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said on Wednesday.
The espionage has also targeted the U.S. island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding “mitigating this attack could be challenging.”
It was not immediately clear how many organizations were affected, but the U.S. National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the U.S. Federal Bureau of Investigation to identify breaches.
While Chinese hackers are known to spy on Western countries, this is one of the largest known cyber-espionage campaigns against American critical infrastructure.
“A PRC (People’s Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind,” NSA Cybersecurity Director Rob Joyce said in a statement.
Such “living off the land” spy techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.
The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.
Microsoft said the Chinese group, which it dubbed “Volt Typhoon,” has been active since at least 2021 and has targeted a number of industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.
As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.
Analysts assessed with “moderate confidence” that this Chinese campaign was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises, Microsoft added.
Guam is home to U.S. military facilities that would be key to responding to any conflict in the Asia-Pacific region.
Canada’s cybersecurity agency separately said it had no reports of Canadian victims of this hacking as yet. “However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”
The UK similarly warned the techniques used by the Chinese hackers on U.S. networks could be applied worldwide.
(Additional reporting by Chavi Mehta and Tiyashi Datta in Bengaluru; Editing by Anil D’Silva and Sonali Paul)