CCP-Backed Hacker Group Targeting ‘Critical’ U.S. Infrastructure, Microsoft Warns

A clandestine hacker group financed by the Chinese Communist Party has penetrated U.S. “critical communications infrastructure” to disrupt future communications between America and Asia, according to a shocking report by Microsoft.

The Microsoft Threat Intelligence report published on Wednesday claimed the group, called Volt Typhoon, was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

The report goes on to state that the CCP-backed cyber-espionage group’s attacks — which had notably been activated a few months after Joe Biden took the White House — had affected nearly every major sector in America, from communications to education.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

To do this, Microsoft explained, Volt Typhoon deploys “stealthy” programming techniques.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.

The software company advised companies to rely more on multi-factor authentication (MFA) and cloud-delivered protection to defend against this foreign cyber-espionage campaign.

This isn’t the first time CCP-backed systems have compromised U.S. national security under Joe Biden.

China gained unprecedented access to a litany of sensitive U.S. military installations after a high-altitude spy balloon penetrated Alaskan airspace in February and traveled across the continental U.S. past the North Carolina coast before getting shot down, making that balloon the first foreign aircraft to be shot down over U.S soil since the Japanese attack on Pearl Harbor in 1941.

Defense Department officials admitted months later that the spy balloon ended up collecting troves of sensitive military data despite repeated denials by Biden.

This report comes just days after Biden assured the American people relations with China would improve “very shortly.”

Twitter: @WhiteIsTheFury

Truth Social: @WhiteIsTheFury

Gettr: @WhiteIsTheFury

Gab: @WhiteIsTheFury

Minds: @WhiteIsTheFury