Toronto Star

Chinese hackers targeting resources in U.S.

Infrastructure at risk, cybersecurity officials warn

- JAMES MCCARTEN WASHINGTON

State-sponsored hackers from China have been targeting U.S. critical infrastructure, cybersecurity officials from around the world, including Canada, warned Wednesday in a co-ordinated effort to root out the perpetrators.

The Canadian Centre for Cyber Security was just one of several international agencies, all of them part of the Five Eyes intelligence alliance, that took part in amplifying the alert issued by the U.S. National Security Agency.

The discovery of what the NSA described as “indicators of compromise” was first made by Microsoft and attributed to Volt Typhoon, a Chinese state actor that the company said has been active since mid-2021.

Volt Typhoon “typically focuses on espionage and information gathering,” the software giant warned in its own threat assessment. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Rob Joyce, the director of cybersecurity for the NSA, described the style of attack as “living off the land” — using existing network tools and valid credentials to better avoid detection.

“A (People’s Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,” Joyce said in a statement.

The Microsoft report describes stealth as one of the interloper’s key goals in order to maintain access to the target network, which is why it relies on existing administrative tools and “hands-on-keyboard” activity to avoid detection.

“In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.”

Canadian officials say there have been no reports of any systems inside Canada being targeted. “The Canadian Centre for Cyber Security joins its international partners in sharing this newly identified threat and accompanying mitigation measures with critical infrastructure sectors,” agency head Sami Khoury said in a statement.
