Date: 2023-05-25

Microsoft has issued a warning stating that a state-sponsored Chinese cyberespionage group, Volt Typhoon, has been targeting critical infrastructure organisations across the United States since at least mid-2021.

"Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States," Microsoft said in a blog post.

Microsoft noted that it has been tracking the hacking group, which, Western intelligence agencies and Microsoft said on Wednesday, has been spying on multiple critical organisations, from telecommunications to transportation hubs.

Microsoft said in a report that the espionage has also targeted the US island territory of Guam, which is home to strategically important American military bases that would be key to responding to any conflict in the Asia-Pacific region.

The blog post added that the observed behaviour suggests that the "threat actor intends to perform espionage and maintain access without being detected for as long as possible".

Microsoft added that "mitigating this attack could be challenging".

As reported by news agency Reuters, the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation to identify breaches.

Meanwhile, it was not immediately clear how many organisations were affected.

While Chinese hackers are known to spy on Western countries, this is one of the largest known cyber espionage campaigns against American critical infrastructure.

NSA Cybersecurity Director Rob Joyce said in a statement: "A PRC (People's Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind."

He added that such "living off the land" spy techniques are harder to detect as they use "capabilities already built into critical infrastructure environments".

The post added, "Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises."

Reuters mentioned that Canada's cybersecurity agency separately said it had no reports of Canadian victims of this hacking as yet. "However, western economies are deeply interconnected. Much of our infrastructure is closely integrated and an attack on one can impact the other," it added.

