CCP Hackers Preparing for Conflict with U.S. by Targeting ‘Critical’ American Infrastructure, Microsoft Warns
Chinese Communist Party (CCP) hackers are targeting critical American infrastructure with cyber attacks, Microsoft has warned.
According to the Bill Gates-co-founded tech giant, the state-sponsored Chinese hackers are likely preparing for conflict between the United States and China.
Chinese state-sponsored hackers, known as “Volt Typhoon,” have successfully compromised critical US cyberinfrastructure in various industries, aiming to gather intelligence.
The hackers are focused on disrupting communication infrastructure between the United States and Asia, with the intent of maintaining undetected access for espionage purposes rather than causing immediate disruption.
Impacted organizations are advised to take action by closing or changing compromised account credentials, according to Microsoft.
Operating under the codename “Volt Typhoon” since mid-2021, the audacious group has successfully breached multiple industries, with their primary focus centered on intelligence gathering, Microsoft said.
The ongoing assault aims to disrupt vital communications infrastructure between the United States and Asia, hampering response efforts during potential future crises.
Microsoft urgently advises impacted entities to fortify their defenses by swiftly closing or changing compromised account credentials.
Exploiting a clandestine vulnerability within the widely used FortiGuard cybersecurity suite, Volt Typhoon infiltrates corporate systems and pilfers user credentials to gain access to other crucial networks.
Rather than causing immediate chaos, their insidious intent lies in conducting covert espionage and stealthily maintaining access for extended periods without detection.
Microsoft warns that the impact of these attacks has reverberated throughout numerous critical sectors, encompassing communications, transportation, maritime industries, and even government organizations.
The hackers continue to pose a persistent threat to US companies, with a history of targeting critical and sensitive information.
In 2020, prominent law firm Covington and Burling fell victim to suspected Chinese government-backed hackers.
This concerning trend prompted a joint statement by the Cybersecurity and Infrastructure Security Agency (CISA) in collaboration with international and domestic intelligence services, highlighting the ongoing risk Chinese attacks pose to American intellectual property.
“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe,” U.S. Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly told the Associated Press.
“Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft noted in a blog post.
The U.S. National Security Agency (NSA), CISA, the FBI, and various allied cybersecurity agencies in the Anglosphere corroborated Microsoft’s claims Wednesday.
The agencies published a report indicating that “one of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives.”
“This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations,” said the report.
“Some of the built-in tools this actor uses are: wmic, ntdsutil, netsh, and PowerShell.”
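A minimal triage pass over process-creation records for the four built-in tools named in the report, added here as an illustration and not taken from the advisory or Microsoft's post. The event fields, sample records and command-line patterns are constructed assumptions; records with no captured command line are surfaced separately because, as the quote notes, default logging records little of this activity.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Built-in tools named in the report quoted above.
WATCHED = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe"}

# Assumed review patterns per tool (illustrative choices, not from the page).
REVIEW = {
    "ntdsutil.exe": re.compile(r"\bifm\b", re.I),            # directory database copy
    "netsh.exe": re.compile(r"\bportproxy\b", re.I),          # port forwarding config
    "wmic.exe": re.compile(r"/node:|process\s+call\s+create", re.I),  # remote use
    "powershell.exe": re.compile(r"\s-enc\w*\s", re.I),       # encoded command
}

# Constructed sample events (hypothetical hosts and accounts).
EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": "netsh interface ip show config"},
    {"id": 2, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": "netsh interface portproxy show all"},
    {"id": 3, "image": r"C:\Windows\System32\ntdsutil.exe", "cmd": ""},
    {"id": 4, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic /node:FILESRV01 os get caption"},
    {"id": 5, "image": r"C:\Program Files\Vendor\agent.exe",
     "cmd": "agent.exe --run"},
]

def triage(events):
    """Return (id, tool, verdict) for watched tools that need a second look."""
    findings = []
    for ev in events:
        tool = basename(ev["image"]).lower()
        if tool not in WATCHED:
            continue  # third-party binaries are a different detection problem
        cmd = (ev.get("cmd") or "").strip()
        if not cmd:
            # Command line was not logged: a visibility gap, not a clean result.
            findings.append((ev["id"], tool, "no-command-line"))
        elif REVIEW[tool].search(cmd):
            findings.append((ev["id"], tool, "review"))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Routine use of these tools (event 1) passes silently, which is why the patterns need tuning against a local baseline of normal administrative activity.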
This initiative does not appear to be a simple matter of private data theft, but rather one of many pre-emptive geostrategic moves to undermine the U.S.
The effort is not unlike the unanswered invasion of U.S. airspace earlier this year when a Chinese spy balloon flouted American sovereignty and flew over sensitive nuclear sites.
Meanwhile, China has made no secret of its hegemonic ambitions.
Chinese dictator Xi Jinping has telegraphed his intent to displace the United States, notwithstanding Democrat President Joe Biden’s desperate efforts to “thaw” their ostensibly icy relationship.
Despite its politicization in recent years, the Pentagon has not similarly downplayed China’s goals.
In a 2021 report, the U.S. Department of Defense (DOD) noted that the Chinese Communist Party’s aim is to “achieve ‘the great rejuvenation of the Chinese nation’ by 2049 to match or surpass U.S. global influence and power, displace U.S. alliances and security partnerships in the Indo-Pacific region, and revise the international order to be more advantageous to Beijing’s authoritarian system.”
The communist regime will reportedly undertake “far-ranging efforts” to see this geopolitical goal realized.
CISA director Easterly noted, “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity.”
The New York Times reported that while the Volt Typhoon attacks on the U.S. presently amount to a likely espionage campaign, “the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.”
In war exercises simulating a hot conflict with China, one of the communist regime’s first anticipated moves would be to sever American communications and hamper the U.S. response time to threats, indicated the Times.
A 2022 Pentagon report noted that China “presents a sophisticated, persistent threat of cyber-enabled espionage and attack to military and critical infrastructure systems through its efforts to develop, acquire, or gain access to information and advanced technologies” and that it “seeks to create destructive effects to shape decision-making and disrupt military operations at the initial stages and throughout a conflict.”
That Guam was a target for this cyberattack is unsurprising in light of the escalating tensions over nearby Taiwan.
After all, Andersen Air Force Base on Guam would be the U.S. Air Force’s launching point to defend both Guam and Taiwan.