A Chinese state-sponsored hacking group has stealthily gained access to infrastructure organizations in Guam and elsewhere in the US, with the likely aim of disrupting critical communications in the event of a crisis, according to Microsoft Corp.
(Bloomberg) — A Chinese state-sponsored hacking group has stealthily gained access to infrastructure organizations in Guam and elsewhere in the US, with the likely aim of disrupting critical communications in the event of a crisis, according to Microsoft Corp.
In a report published Wednesday, Microsoft said the group known as Volt Typhoon had been active since mid-2021, targeting organizations that span manufacturing, construction, maritime, government, information technology and education. Microsoft said it notified targeted or compromised customers after assessing with “moderate confidence” that the hacks were being carried out in preparation to upend communications during a future crisis.
Guam, a US island territory located 1,600 miles (about 2,600 kilometers) east of Manila, has become an increasingly important military and strategic hub as tensions with China ratchet up — raising the possibility that China might take military action to enforce its claim to the self-ruled island of Taiwan.
Asked about hacking reports at a regular press briefing in Beijing on Thursday, Chinese Foreign Ministry spokeswoman Mao Ning dismissed such accusations as “false information.”
“The United States is expanding new channels for disseminating false information in addition to government agencies,” she said, referencing the participation of “some companies” without naming Microsoft.
Volt Typhoon initially gained access to the targeted organizations through internet-facing devices manufactured by Fortinet Inc., a Sunnyvale, California-based cybersecurity company, according to Microsoft, adding that it was still investigating how the hackers were able to access the equipment. The hackers used whatever privileges they could gain from the Fortinet devices to extract more credentials to authenticate to other devices on the networks, Microsoft said.
There, the hackers intended “to perform espionage and maintain access without being detected for as long as possible,” Microsoft said.
A representative for Fortinet didn’t respond to a request for comment.
–With assistance from Kelly Li.
(Adds response from China’s foreign ministry.)
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.