Vogon Today

Selected News from the Galaxy

StartMag

Microsoft and US raise alarm: hacker attack sponsored by China

The United States and its Western allies have warned that hackers linked to the Chinese state have attacked telecommunications systems in the territory of Guam. The group of hackers, codenamed "Volt Typhoon," has been operating since mid-2021, Microsoft said in an alert. The American accusations and the Chinese reply

A Chinese state-sponsored hacker group has targeted critical US infrastructure, according to an allegation from Washington that is backed by its allies and by Microsoft.

In a joint communication, the competent cybersecurity authorities of the US, Canada, the United Kingdom, Australia and New Zealand warned of "activities associated with a cyber actor, also known as Volt Typhoon, sponsored by the People's Republic of China".

The US company, together with federal intelligence agencies, has identified computer code placed within the telecommunications systems in the territory of Guam, in the Pacific Ocean. According to details released by Microsoft, the attackers managed to infiltrate organizations across all industries by exploiting vulnerabilities in a popular cybersecurity platform called FortiGuard.

U.S. intelligence agencies became aware of the incursion in February, around the same time as the sighting (and shooting down) of the Chinese spy balloon, reported The New York Times.

The discovery alarmed the US authorities: the unincorporated territory of Guam, which hosts an important US military base, represents a pivotal point in a possible US response to a possible military operation by Beijing against Taiwan.

The National Security Agency (NSA) released a bulletin yesterday, detailing how the hack works and how cybersecurity teams should respond.

All the details.

VOLT TYPHOON HACKER GROUP RESPONSIBLE

Behind the attack is the Volt Typhoon group, a Chinese state-sponsored actor that typically focuses on espionage and intelligence gathering. Volt Typhoon has been active since mid-2021 and has been targeting critical infrastructure organizations in Guam and elsewhere in the United States, Microsoft said.

ATTACK IN PROGRESS

Rob Joyce, the director of information security for the NSA, described the attack style as "living off the land," using existing network tools and valid credentials to better avoid detection. In fact, once the hacker group gains access to a corporate system, it steals the user's credentials from the security suite and uses them to attempt to gain access to other corporate systems.

The attack is apparently underway. "In this campaign, targeted organizations span the communications, manufacturing, utilities, transportation, construction, marine, government, information technology, and education industries," Microsoft said.

OBJECTIVE

The Redmond company believes the Volt Typhoon campaign is seeking to develop capabilities that could disrupt critical communications infrastructure between the United States and Asia during future crises. According to the tech giant, “the threat actor intends to spy and maintain access undetected for as long as possible” rather than creating an immediate disruption.

THE ACTIONS TO BE TAKEN

Therefore, in its communication, Microsoft urged affected customers to "close or change the credentials for all compromised accounts". The code would allow third parties to access remote computer servers, especially older models of routers that have not received updates to meet modern security standards.

THE BEIJING REPLY

In response to what Washington, Western partners and Microsoft have denounced, China has accused the US and its allies of a "disinformation campaign", reports Ansa. “This is an extremely unprofessional report with a missing chain of evidence, this is just a cut and paste job,” thundered Foreign Ministry spokeswoman Mao Ning.


This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/microsoft-e-usa-lanciano-allarme-attacco-hacker-sponsorizzato-dalla-cina/ on Thu, 25 May 2023 09:01:44 +0000.