Thursday May 25, 2023
Chinese state-backed hacking group "Volt Typhoon" has been identified by Microsoft as responsible for ongoing attacks on critical US cyber infrastructure.
The hackers targeted several industries to gather intelligence and disrupt the communications infrastructure between the United States and Asia.
Microsoft advised affected organizations to close or change compromised account credentials, saying the hackers' main goal was espionage rather than an immediate breach.
In a recent alert, Microsoft issued a warning regarding a series of cyberattacks on vital US infrastructure by Chinese state-backed hackers.
These attacks, attributed to a group known as "Volt Typhoon", have been ongoing since mid-2021 and are primarily aimed at gathering intelligence. Microsoft stressed the need for affected customers to take immediate action by closing or changing the credentials of affected accounts.
The hackers are exploiting an undisclosed vulnerability in the widely used FortiGuard cybersecurity suite to infiltrate organizations, steal user credentials and attempt unauthorized access to other systems.
The hackers' main goal seems to be long-term espionage and maintaining undetected access rather than causing immediate disruption. The attacks hit various critical industries, including communications, transportation, the maritime industry, and government organizations.
Covington and Burling, a renowned law firm, fell victim to suspected Chinese government-backed hackers in 2020, underscoring the continuing threat posed by Chinese cyber attacks.
In a joint statement with international and domestic intelligence agencies, the Cybersecurity and Infrastructure Security Agency (CISA) highlighted the continued risk that Chinese hackers pose to American intellectual property.
CISA director Jen Easterly highlighted China's history of conducting aggressive cyber operations to steal valuable data and sensitive information from organizations around the world.