The Chinese state-sponsored hacking group Volt Typhoon has been accused of cyber espionage against US targets.
The US State Department has warned that China is capable of launching cyber-attacks against critical US infrastructure, including oil and gas pipelines and rail systems, after investigators discovered that a Chinese hacking group had spied on such networks.
A multinational alert earlier this week revealed that a Chinese cyber-espionage campaign was targeting military and government targets in the US.
“The U.S. intelligence community assesses that China is almost certainly capable of launching cyberattacks that could disrupt critical infrastructure services in the United States, including against oil and gas pipelines and rail systems,” State Department spokesman Matthew Miller said in a news conference Thursday.
“It is vital for the government and network advocates in the public to remain vigilant,” he said.
The espionage group — dubbed “Volt Typhoon” by Microsoft — was the subject of a warning on Wednesday from cybersecurity and intelligence agencies in the US, Australia, Canada, New Zealand and the United Kingdom — known as the “Five Eyes.”
Microsoft researchers said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia during future crises” — a nod to escalating tensions between China and the United States over Taiwan and other issues.
Microsoft said the Volt Typhoon campaign relies on “living off the land” techniques: fileless intrusions that use programs already present on a compromised system rather than installing malware files of their own. The tech giant said Volt Typhoon blends into normal network activity by routing its traffic through small-office and home networking equipment such as routers, firewalls and VPN devices, making it extremely difficult to detect.
The hacking group has targeted critical infrastructure organizations in the U.S. Pacific region of Guam, Microsoft said, adding that security company Fortinet’s FortiGuard devices were misused by Volt Typhoon to break into its targets.
The US Cybersecurity and Infrastructure Security Agency (CISA) said separately that it was working to understand “the scope of potential breaches and associated consequences”.
That would help the agency “provide assistance where needed, and better understand this adversary’s tactics,” CISA executive assistant director Eric Goldstein told Reuters news agency.
“Many traditional detection methods, such as antivirus, will not find these intrusions.”
Researcher Marc Burnard, whose organization Secureworks has handled several break-ins related to Volt Typhoon, said Secureworks had seen no evidence of Volt Typhoon’s destructive activity, but its hackers were focused on stealing information that would “shed light on American military activities”.
The Chinese government this week called the joint warning from the US and its allies a “collective disinformation campaign”.
Mao Ning, spokesman for China’s foreign ministry, told reporters that the Five Eyes warnings were to promote their intelligence alliance and that Washington was guilty of hacking.
“This is an extremely unprofessional report with a missing chain of evidence. This is just scissors and paste,” Mao said.
“The United States is the empire of hacking,” she said.