State-backed Chinese hackers could be laying groundwork for future disruption
Introduction
The United States may face disruption of critical communications between the US and Asia during future crises, Microsoft warned on May 24, 2023. The warning follows continuous cyberattacks by state-backed Chinese hackers who have been targeting critical US infrastructure. Microsoft has named the group Volt Typhoon, which has been active since mid-2021. Its targets are organizations in the communications, manufacturing, utility, transportation, construction, maritime, information technology, and education sectors.
The announcement by Microsoft
It is not clear why Microsoft has decided to make this announcement now, but the tech giant is highlighting the issue before it is too late. Hostile activities in digital space, which include espionage, positioning malware, and ransomware attacks, have become a significant aspect of geopolitical rivalry. Microsoft has identified Volt Typhoon as a potential source of future disruption targeting critical infrastructure.
The group has compromised small network equipment, including routers, and is seeking persistent access to the infrastructure it targets. Its intrusion campaign places a strong emphasis on stealth, making it challenging for security measures to detect. The company noted that the campaign has blended into normal network activity, which makes detection harder still because an attack is difficult to tell apart from standard network activity.
Security advisor’s statement
In a joint advisory statement, the National Security Agency, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), Australia, New Zealand, Canada, and Britain shared technical details on the recent efforts of Volt Typhoon. CISA Director Jen Easterly stated that the Chinese government has conducted aggressive cyber-operations for years to steal sensitive data and intellectual property from organizations worldwide. Bryan Vorndran, FBI Cyber Division Assistant Director, called Volt Typhoon’s intrusion an “unacceptable tactic.”
Expert opinion
Several cyber-security experts have noted the potential severity of the threat. John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s public announcement significant. He said that probing from China is rare, and that China has generally withheld the use of tools that may be used for military and disruptive attacks in an armed conflict.
The geopolitical context
The announcement from Microsoft comes against the backdrop of increasing tensions between Washington and Beijing, which the US considers its economic, strategic, and military rival. The tensions increased last year after China’s military exercises around Taiwan, which Beijing claims as its territory, following then-House Speaker Nancy Pelosi’s visit to the country. The rise in tensions has caused concern among cybersecurity experts that the attacks may have broader implications.
Editorial
Microsoft’s announcement highlights the need for increased cybersecurity measures in the critical infrastructure sector as an essential part of national security strategy. Cyber threats have for years been perceived as an essential threat to global security, and the concern has intensified with the activity of the Chinese state-backed hacker group.
The infrastructure and networks that power the Internet globally have vulnerabilities. These vulnerabilities are exploited by organized crime, nation-state attacker groups, and hacktivists. Attacks like these are proof that cybersecurity is a growing concern worldwide. Governments worldwide must develop a coordinated approach to cybersecurity, which includes detection, prevention, and response capabilities.
Conclusion
The recent announcement by Microsoft on the increased targeting of critical US infrastructure by state-backed Chinese hackers has raised concerns about the potential severity of future attacks. As incidents of cyber-attacks continue to escalate, policymakers worldwide must take this threat seriously and increase their efforts to address the issue before it leads to dangerous consequences. It is essential to develop a coordinated approach to cybersecurity that includes detection, prevention, and response measures. The integrity of the Internet and the networks that sustain it is vital, and we must treat it as such.