Chinese hacking campaign targeting US infrastructure: Microsoft report

The American and Chinese flags wave at Genting Snow Park ahead of the 2022 Winter Olympics, Feb. 2, 2022, in Zhangjiakou, China. Hackers working on behalf of the Chinese government broke into the computer networks of at least six state governments in the United States in the past year, according to a report released by a private cybersecurity firm. The report from Mandiant does not identify the hacked agencies or offer a motive for the intrusions, which began last May and continued through the last month.

A Chinese state-sponsored cyber actor known as Volt Typhoon has been accessing credentials and network systems of critical infrastructure organizations in the U.S., including Guam, according to a report released Wednesday by Microsoft.

Volt Typhoon, which has been active since mid-2021, has been targeting organizations in several sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

Microsoft said the hacking group, which mostly focuses on espionage and information gathering, is “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

The tech giant also said the group’s objective is to spy on organizations and gain access to their networks “without being detected for as long as possible.”

Microsoft said it has also notified the targeted organizations and compromised customers and has provided them with information that will help secure their networks.

The report was released in conjunction with a joint advisory from U.S. intelligence agencies, including the NSA, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), warning critical infrastructure organizations about the increase in Chinese state-sponsored cyber activity.

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” said CISA Director Jen Easterly.

“Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity,” she added. 

During a press briefing Thursday in Beijing, Chinese foreign ministry spokesperson Mao Ning said the hacking claims were a “collective disinformation campaign” from the Five Eyes countries, referring to the U.S., Canada, New Zealand, Australia, and the U.K., Reuters reported.

“But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking,” Mao said.