A Chinese state-sponsored cyber threat actor is conducting discreet espionage operations within critical US infrastructure and may target other countries, Western cyber security agencies and Microsoft warned on Wednesday.
Those operations may be aimed at developing ways to disrupt critical communications between the US and Asia “during future crises”, Microsoft said – a warning that could refer to a possible attack on Taiwan by China, which has signaled that it may use military force to bring the democratically governed island under its direct control.
The threat posed by the Chinese group known as Volt Typhoon prompted a rare joint advisory on Wednesday from Five Eyes cyber security agencies, including the Canadian Centre for Cyber Security of the Communications Security Establishment (CSE).
The agencies and Microsoft said the group avoided detection by blending in with normal Windows operations through a series of techniques known as “living off the land”. The approach allows the actor to move through a system by taking advantage of built-in network administration tools, making its actions look like normal activity.

The CSE says Volt Typhoon has only been detected in the US so far, and no Canadian victims have been reported as of Wednesday.
“However, Western economies remain deeply entrenched,” the agency warned. “Most of our infrastructure is closely integrated and an attack on one can affect the other.”
The agencies further warned that they believe the group “could be implementing similar techniques against these and other regions around the world.”
In a threat intelligence advisory, Microsoft said Volt Typhoon has been active since mid-2021 and has targeted Guam and other critical infrastructure in the US, including the government, communications, information technology, maritime and education sectors.
“The observed behavior suggests that the threat actor intends to conduct espionage and maintain undetected access for as long as possible,” the assessment reads.
“Microsoft assesses with medium confidence that it is pursuing the development of Volt Typhoon campaign capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.”

Guam is home to major US military facilities, including Andersen Air Force Base, which would be key to responding to any conflict in the Asia-Pacific region.
This would include a Chinese military invasion of Taiwan, for which the island’s democratic government has said they are actively preparing. Taiwan’s foreign minister told Global News last month that it was a matter of when Beijing would launch such a campaign, not if.
China claims Taiwan as its territory and top-ranking members of the Chinese Communist Party, including President Xi Jinping, have not been shy about their aim to take back control of the island. Xi and his top officials have not ruled out using military force to do so.
CSE and Microsoft would not say whether the “future crisis” was a reference to a possible Taiwan attack.

Microsoft said that Volt Typhoon actors blend into normal network activity and then collect data from their targets, including local network credentials that are used to “maintain persistence”. The data is also stored on external servers for exfiltration.
The company said it had notified targeted or compromised customers and provided them with information on how to “hunt” for tactics and techniques used by Volt Typhoon and how to mitigate any impact.
But Microsoft also warned that “mitigating this attack can be challenging” because of the “living off the land” techniques it uses.
It warned compromised accounts “should be closed or replaced” to avoid future attacks.
Five Eyes cyber security agencies also issued detailed instructions on how to detect Volt Typhoon activity and “living off the land” techniques more widely.

Wednesday’s warning comes a day after former Governor General David Johnston released an interim report on his investigation into how Canada detects and counters foreign interference threats.
The report noted that unlike Russia’s, Chinese interference is designed to permeate democratic institutions and critical infrastructure, making it more difficult to counter.
CSE’s annual National Cyber Threat Assessment noted that China, Russia, Iran and North Korea are the top strategic cyber threats to Canada and all will continue to target critical areas over the next two years.
“That said, the threat from China is the most significant in terms of volume, potential and intent to assess,” the report said.
“China-sponsored cyber threat actors will continue to target industries and technologies in Canada that contribute to the state’s strategic priorities.”
With files from Reuters
© 2023 Global News, a division of Corus Entertainment Inc.