China’s state-sponsored hackers have been targeting critical US infrastructure, cybersecurity officials around the world, including in Canada, warned Wednesday in a coordinated effort to root out the perpetrators.
The Canadian Center for Cyber Security was just one of several international agencies, all part of the Five Eyes intelligence alliance, involved in amplifying the alert issued by the US National Security Agency.
The discovery of what the NSA described as “indicators of compromise” was first made by Microsoft and attributed to Volt Typhoon, a Chinese state actor that the company says has been active since mid-2021.
Volt Typhoon “is typically focused on espionage and information gathering,” the software giant warned in its own threat assessment.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign pursues the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.”
Rob Joyce, the NSA’s director of cybersecurity, described the attack style as “living off the land”: using existing network tools and valid credentials to better avoid detection.
“A state-sponsored actor (from the PRC) lives off the land, uses embedded network tools to evade our defenses and leave no trace,” Joyce said in a statement.
“That makes it imperative that we work together to find and remove the actor from our critical networks.”
The Microsoft report describes stealth as one of the intruder’s key goals to maintain access to the target network, which is why it relies on existing administrative tools and “keyboarding” activity to avoid detection.
“In addition, Volt Typhoon attempts to blend in with normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware.”
Microsoft said that Volt Typhoon has already targeted infrastructure facilities in the US, including on Guam, where the US maintains an air force base and a naval port, both of which are core elements of its military presence in the Pacific Ocean.
Pentagon officials also believe that Guam and its military installations were among the top targets of the Chinese spy balloon that was shot down in February after a week of drifting in North American airspace.
Canadian officials say there have been no reports of any systems within Canada being attacked.
“The Canadian Center for Cyber Security joins its international partners in sharing this newly identified threat and accompanying mitigation measures with critical infrastructure sectors,” agency chief Sami Khoury said in a statement.
“The interconnected nature of our infrastructures and economies highlights the importance of working together with our allies to identify and share threat information in real time.”
Other agencies involved in Wednesday’s announcement included the US Cybersecurity and Infrastructure Security Agency, the FBI, and cybersecurity agencies in Australia, New Zealand and the United Kingdom.
“For years, China has conducted operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations around the world,” said CISA Director Jen Easterly.
“The (Wednesday) advisory, released in conjunction with our US and international partners, reflects how China is using highly sophisticated means to attack our nation’s critical infrastructure.”
This report by The Canadian Press was first published on May 24, 2023.