US, allies, Microsoft allege attacks by China-backed cyber actor

Dubbed "Volt Typhoon", the group has been spying on a wide range of US critical infrastructure organisations, from telecommunications to transportation hubs, Washington, its allies and Microsoft allege.

Microsoft says the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. / Photo: Reuters
Reuters

The United States, its Western allies and Microsoft have alleged that a state-sponsored Chinese cyber actor had infiltrated critical US infrastructure networks and warned that similar activities could occur globally.

"The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory [CSA] to highlight a recently discovered cluster of activity of interest associated with a People's Republic of China [PRC] state-sponsored cyber actor, also known as Volt Typhoon," said a statement released by US, Australian, Canadian, New Zealand and UK authorities on Wednesday.

There was no immediate reaction from Beijing on the allegations.

In a separate statement, Microsoft said Volt Typhoon had been active since mid-2021 and had targeted critical infrastructure in Guam, a crucial US military outpost in the Pacific Ocean.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the statement said.

It said organisations affected by the hacking — which seeks persistent access — are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors.

Hostile activity in cyberspace — from espionage to the advanced positioning of malware for potential future attacks — has become a hallmark of modern geopolitical rivalry.

'Unacceptable tactics'

Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers.

It said the intruders gained initial access through internet-facing FortiGuard devices, which are engineered to use machine learning to detect malware.

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organisations around the globe,” said Cybersecurity and Infrastructure Security Agency [CISA] Director Jen Easterly, urging mitigation of affected networks to prevent possible disruption.

Bryan Vorndran, the FBI cyber division assistant director, called the intrusions “unacceptable tactics” in the same statement.

Tensions between Washington and Beijing — which the US national security establishment considers its main military, economic and strategic rival — have increased in recent months.

Those tensions spiked last year after then-House speaker Nancy Pelosi's visit to Taiwan, leading China, which sees the island as its breakaway territory, to launch military exercises around Taiwan.

US-China relations were further strained this year after the US shot down a Chinese "spy balloon" crossing the United States.
