Chinese hackers targeting critical U.S. infrastructure, Microsoft warns

State-sponsored hackers based in China have been working to compromise critical infrastructure in the U.S., Microsoft said on Wednesday. It’s thought the attacks could lead to the disruption of important communications between the U.S. and its interests in Asia during future crises.

Notable target sites include Guam, a small island in the Pacific with an important U.S. army base that could play an important role in any clash with China over Taiwan.

The malicious activity, which is believed to be ongoing, is apparently the work of Volt Typhoon, a group that’s been active since 2021 and typically focuses on espionage and information gathering. Microsoft became aware of the action in February, around the time when the Chinese spy balloon was brought down off the coast of South Carolina, according to a New York Times report.

Volt Typhoon’s efforts affect a large number of sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible,” the computer giant said.

The hacking group has been able to infiltrate targeted organizations using a vulnerability in a cybersecurity suite called FortiGuard, Microsoft explained. Once it’s managed to access the target’s system, it nabs user credentials from FortiGuard and then uses them in attempts to infiltrate other systems.

Microsoft said that as with any observed activity of this nature, it has directly notified targeted or compromised customers and provided them with the necessary instructions for securing their systems.

Jen Easterly, director of America’s cyber defense agency (CISA), said in a statement published on Wednesday: “For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe.”

Easterly added: “Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity … We encourage all organizations to review the advisory, take action to mitigate risk, and report any evidence of anomalous activity. We must work together to ensure the security and resilience of our critical infrastructure.”

Trevor Mogg
Contributing Editor