China Hacks US Critical Networks in Guam, Raising Cyberwar Fears

wired.com

AS STATE-SPONSORED HACKERS working on behalf of Russia, Iran, and North Korea have for years wreaked havoc with disruptive cyberattacks across the globe, China’s military and intelligence hackers have largely maintained a reputation for constraining their intrusions to espionage. But when those cyberspies breach critical infrastructure in the United States—and specifically a US territory on China’s doorstep—spying, conflict contingency planning, and cyberwar escalation all start to look dangerously similar.

On Wednesday, Microsoft revealed in a blog post that it has tracked a group of what it believes to be Chinese state-sponsored hackers who have since 2021 carried out a broad hacking campaign that has targeted critical infrastructure systems in US states and Guam, including communications, manufacturing, utilities, construction, and transportation.

The intentions of the group, which Microsoft has named Volt Typhoon, may simply be espionage, given that it doesn’t appear to have used its access to those critical networks to carry out data destruction or other offensive attacks. But Microsoft warns that the nature of the group’s targeting, including in a Pacific territory that might play a key role in a military or diplomatic conflict with China, may yet enable that sort of disruption.

“Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” the company’s blog post reads. But it couples that statement with an assessment with “moderate confidence” that the hackers are “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Google-owned cybersecurity firm Mandiant says it has also tracked a swath of the group’s intrusions and offers a similar warning about the group’s focus on critical infrastructure. “There’s not a clear connection to intellectual property or policy information that we expect from an espionage operation,” says John Hultquist, who heads threat intelligence at Mandiant. “That leads us to question whether they’re there because the targets are critical. Our concern is that the focus on critical infrastructure is preparation for potential disruptive or destructive attack.”

This aligns with Microsoft’s conclusions. A spokesperson told WIRED in a statement that the company has moderate confidence about the group laying the groundwork to expand its operations beyond espionage because “the capability to disrupt is present,” but there is not enough evidence to indicate “clear intent to disrupt.”

The group’s “actions suggest this is not an exclusively espionage objective,” the spokesperson wrote in the statement. “Focused effort to maintain access to these types of targeted organizations suggests that the threat actor anticipates additional future operations against those systems.”

Microsoft’s blog post offered technical details of the hackers’ intrusions that may help network defenders spot and evict them: The group, for instance, uses hacked routers, firewalls, and other network “edge” devices as proxies to launch its hacking—targeting devices that include those sold by hardware makers ASUS, Cisco, D-Link, Netgear, and Zyxel. The group also often exploits the access provided from compromised accounts of legitimate users rather than its own malware to make its activity harder to detect by appearing to be benign.

Blending in with a target’s regular network traffic in an attempt to evade detection is a hallmark of Volt Typhoon and other Chinese actors’ approach in recent years, says Marc Burnard, a senior consultant of information security research at Secureworks. Like Microsoft and Mandiant, Secureworks has been tracking the group and observing its campaigns. He added that the group has demonstrated a “relentless focus on adaption” to pursue its espionage.

US government agencies, including the National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department, published a joint advisory about Volt Typhoon’s activity today alongside Canadian, UK, and Australian intelligence. “Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the agencies wrote.

Although Chinese state-sponsored hackers have never launched a disruptive cyberattack against the United States—even over decades of data theft from US systems—the country’s hackers have periodically been caught inside US critical infrastructure systems. As early as 2009, US intelligence officials warned that Chinese cyberspies had penetrated the US power grid to “map” the country’s infrastructure in preparation for a potential conflict. Two years ago, CISA and the FBI also issued an advisory that China had penetrated US oil and gas pipelines between 2011 and 2013. China’s Ministry of State Security hackers have gone much further in cyberattacks against the country’s Asian neighbors, actually crossing the line of carrying out data-destroying attacks disguised as ransomware, including against Taiwan’s state-owned oil firm CPC.

This latest set of intrusions seen by Microsoft and Mandiant suggests that China’s critical infrastructure hacking continues. But even if the Volt Typhoon hackers did seek to go beyond espionage and lay the groundwork for cyberattacks, the nature of that threat is far from clear. State-sponsored hackers are, after all, often assigned to gain access to an adversary’s critical infrastructure as a preparatory measure in case of a future conflict, since gaining the access necessary for a disruptive attack usually requires months of advanced work.
