WASHINGTON: An alleged campaign of Chinese state-sponsored hackers Targets in the United States and Guam have raised concerns that Beijing is preparing to disrupt communications in the Pacific in the event of a conflict.
The hacking campaign was first identified by Microsoft Corp on Wednesday and was quickly confirmed by authorities in the US, UK and other allied nations. Microsoft said the group of hackers, known as Volt Typhoon, infiltrated government, media, manufacturing and IT organizations in the US and Guam, a key military post in the western Pacific.
While the identities of most of the hacking victims remain unknown, US Secretary of the Navy Carlos Del Toro told CNBC on Thursday that the Navy has been affected by the hacks. The extent of the breach was not immediately known. A spokesman for the US navy declined to “discuss the status of our network”.
Meanwhile, Rob Joyce, director of cybersecurity at the National Security Agency, told CNN on Thursday that Chinese hackers can still gain access to sensitive US networks they’ve targeted. . Joyce said the intrusions stand out for their blatant level of “scope and scale”.
An NSA representative declined to comment and instead referred to a release by the NSA and other US agencies about the Chinese hacking group.
Microsoft said it has “moderate confidence” that the breaches were made in preparation for upgrading communications in the event of a future crisis. The company’s disclosure comes amid growing concern that China may take military action to enforce its claim to the self-ruled island of Taiwan.
Jon Darby, the NSA’s director of operations until his retirement after 39 years at the spy agency in August, said the operation was consistent with a well-known way to infiltrate networks by accessing they were at the edges instead of in what he called the red heart and then went undetected for many years.
Darby, who is not familiar with the details of this particular case, said: “What’s interesting is that they infiltrated from home routers into the US Navy infrastructure.
He said: “The scary thing is that they can then launch disruptive or destructive attacks when things are hitting the fans. “If they are in these networks, they can wreak havoc. You have to identify and plug the vulnerabilities that allow them to enter these networks and destroy them.”
The NSA, along with intelligence agencies from the UK, Australia, New Zealand and Canada also shared more details about the hackers. Those countries are all part of a key intelligence alliance, which includes sharing cybersecurity information, known as Five Eyes.
China has denied the hacking allegations.
“We note this extremely unprofessional report – a patchwork with a broken chain of evidence,” said Chinese Foreign Ministry spokesman Mao Ning. “Clearly, this is a collective disinformation campaign launched by the United States through Five Eyes to serve its geopolitical agenda. Everyone knows that Five Eyes is the biggest intelligence association in the world and the NSA is the biggest hacker group in the world.”
The United States has previously accused Chinese hackers of espionage and intellectual property theft, including the office of human resources management data breach in 2015 and the Equifax hack in 2017. , a Senate committee found that hackers linked to the Chinese government accessed the data of military contractors including airlines and technology companies.
It’s not clear why Microsoft, the US and their allies decided to highlight the hacking group this week. John Hultquist, chief analyst at Mandiant Intelligence, a Google subsidiary, said one reason could be to give private companies a head start in defending against this group of Chinese hackers. long before the potential conflict with China over Taiwan.
“The burden of protecting critical infrastructure from severely disruptive cyberattacks rests with the private sector. They have to protect these networks,” Hultquist said. “That’s why it’s so important to get this intelligence into their hands. Otherwise, it’s almost useless.”
Insights into the alleged attacks provide rare insights into the potential sabotage efforts of Chinese hackers, who are accused of stealing intellectual property and spying capabilities. know more. In contrast, cybersecurity experts have documented Russian attacks on critical infrastructure, including attacks on power grids in Ukraine.
Dakota Cary, a consultant at Krebs Stamos Group, described the hacking group: “This organization has been around for a long time. “When they cross the line for something of military combat value, that’s when it changes.”
The hacking campaign was first identified by Microsoft Corp on Wednesday and was quickly confirmed by authorities in the US, UK and other allied nations. Microsoft said the group of hackers, known as Volt Typhoon, infiltrated government, media, manufacturing and IT organizations in the US and Guam, a key military post in the western Pacific.
While the identities of most of the hacking victims remain unknown, US Secretary of the Navy Carlos Del Toro told CNBC on Thursday that the Navy has been affected by the hacks. The extent of the breach was not immediately known. A spokesman for the US navy declined to “discuss the status of our network”.
Meanwhile, Rob Joyce, director of cybersecurity at the National Security Agency, told CNN on Thursday that Chinese hackers can still gain access to sensitive US networks they’ve targeted. . Joyce said the intrusions stand out for their blatant level of “scope and scale”.
An NSA representative declined to comment and instead referred to a release by the NSA and other US agencies about the Chinese hacking group.
Microsoft said it has “moderate confidence” that the breaches were made in preparation for upgrading communications in the event of a future crisis. The company’s disclosure comes amid growing concern that China may take military action to enforce its claim to the self-ruled island of Taiwan.
Jon Darby, the NSA’s director of operations until his retirement after 39 years at the spy agency in August, said the operation was consistent with a well-known way to infiltrate networks by accessing they were at the edges instead of in what he called the red heart and then went undetected for many years.
Darby, who is not familiar with the details of this particular case, said: “What’s interesting is that they infiltrated from home routers into the US Navy infrastructure.
He said: “The scary thing is that they can then launch disruptive or destructive attacks when things are hitting the fans. “If they are in these networks, they can wreak havoc. You have to identify and plug the vulnerabilities that allow them to enter these networks and destroy them.”
The NSA, along with intelligence agencies from the UK, Australia, New Zealand and Canada also shared more details about the hackers. Those countries are all part of a key intelligence alliance, which includes sharing cybersecurity information, known as Five Eyes.
China has denied the hacking allegations.
“We note this extremely unprofessional report – a patchwork with a broken chain of evidence,” said Chinese Foreign Ministry spokesman Mao Ning. “Clearly, this is a collective disinformation campaign launched by the United States through Five Eyes to serve its geopolitical agenda. Everyone knows that Five Eyes is the biggest intelligence association in the world and the NSA is the biggest hacker group in the world.”
The United States has previously accused Chinese hackers of espionage and intellectual property theft, including the office of human resources management data breach in 2015 and the Equifax hack in 2017. , a Senate committee found that hackers linked to the Chinese government accessed the data of military contractors including airlines and technology companies.
It’s not clear why Microsoft, the US and their allies decided to highlight the hacking group this week. John Hultquist, chief analyst at Mandiant Intelligence, a Google subsidiary, said one reason could be to give private companies a head start in defending against this group of Chinese hackers. long before the potential conflict with China over Taiwan.
“The burden of protecting critical infrastructure from severely disruptive cyberattacks rests with the private sector. They have to protect these networks,” Hultquist said. “That’s why it’s so important to get this intelligence into their hands. Otherwise, it’s almost useless.”
Insights into the alleged attacks provide rare insights into the potential sabotage efforts of Chinese hackers, who are accused of stealing intellectual property and spying capabilities. know more. In contrast, cybersecurity experts have documented Russian attacks on critical infrastructure, including attacks on power grids in Ukraine.
Dakota Cary, a consultant at Krebs Stamos Group, described the hacking group: “This organization has been around for a long time. “When they cross the line for something of military combat value, that’s when it changes.”
