(Bloomberg) — An alleged campaign by Chinese state-sponsored hackers against targets in the US and Guam has raised fears that Beijing is preparing to disrupt communications in the Pacific in the event of conflict.
The hacking campaign was first identified by Microsoft Corp. on Wednesday and quickly confirmed by authorities in the US, UK and other allied countries. Microsoft said the hacking group, which it dubbed Volt Typhoon, had breached government, communications, manufacturing and IT organizations in the US and Guam, a critical military post in the Western Pacific.
While the identities of most of the hacking victims remain unknown, U.S. Navy Secretary Carlos Del Toro told CNBC on Thursday that the Navy was affected by the intruders. The extent of the breach was not immediately known. A US Navy spokesman declined to “discuss the status of our networks.”
Meanwhile, Rob Joyce, the director of cybersecurity at the National Security Agency, told CNN on Thursday that Chinese hackers could still access sensitive US networks that they targeted. Joyce said the break-ins were notable for how brutal they were in “magnitude and scale”.
An NSA representative declined to comment, citing instead a release from the NSA and other US agencies about the Chinese hacking group.
Microsoft said it had “moderate confidence” that the breaches were carried out in preparation to disrupt communications in the event of a future crisis. The company’s revelation came amid mounting concerns that China could take military action to enforce its claim to the self-governing island of Taiwan.
Jon Darby, the NSA’s director of operations until his retirement in August after 39 years with the agency, said the operation was consistent with a known way of infiltrating networks: approaching them at the edges rather than at what he called the bull’s-eye, and then going unnoticed for years.
“The interesting thing is that they entered the US Navy’s infrastructure through home routers,” says Darby, who is not familiar with the details of this particular case.
“The scary thing is that they can then launch disruptive or destructive attacks when things hit the fan,” he said. “If they’re in these networks, they can wreak havoc. You need to identify and close the vulnerabilities that allowed them to get into these networks and wipe them out.”
The NSA, along with intelligence agencies from the UK, Australia, New Zealand and Canada, also shared more details about the hackers. Those countries are all part of a major intelligence alliance that includes cybersecurity information sharing known as the Five Eyes.
China has denied the hacking allegations.
“We have taken note of this extremely unprofessional report – a patchwork quilt with a broken chain of evidence,” said Mao Ning, spokesman for China’s foreign ministry. “Apparently this has been a collective disinformation campaign launched by the US through the Five Eyes to serve their geopolitical agenda. It’s common knowledge that the Five Eyes is the world’s largest intelligence organization and the NSA is the largest hacking group in the world.”
The US has previously accused Chinese hackers of espionage and intellectual property theft, including a 2015 Office of Personnel Management data breach and a 2017 Equifax hack. In 2014, a Senate panel found that hackers affiliated with the Chinese government had access to the data from military contractors, including airlines and technology companies.
It is not clear why Microsoft, the US and its allies decided this week to put the spotlight on the hacking group. One reason may be to give private companies an edge in defending against this group of Chinese hackers long before a potential conflict with China over Taiwan arises, says John Hultquist, chief analyst at Mandiant Intelligence, a Google subsidiary.
“The burden of protecting critical infrastructure from severe disruptive cyberattacks falls on the private sector. They have to defend these networks,” Hultquist said. “That’s why it’s so important that this intelligence gets into their hands. If not, it’s practically useless.”
Details about the alleged attacks provide rare insights into possible sabotage attempts by Chinese hackers, whose alleged intellectual property theft and espionage capabilities are better known. By contrast, Russian attacks on critical infrastructure, including hacks of the power grid in Ukraine, have been well documented by cybersecurity experts.
“The organization has been around for a long time,” said Dakota Cary, a consultant at Krebs Stamos Group, describing the hacking group. “When they crossed a border to get something of military operational value, it changed.”
–With help from Margi Murphy.
(Updates with additional information throughout. An earlier version of this story corrected a spelling error.)
©2023 Bloomberg LP