WASHINGTON – Western intelligence agencies today issued a joint advisory to highlight the targeting of US critical infrastructure by a China-sponsored malicious cyber actor and help users hunt such activity on their devices, reported German news agency (dpa).
Agencies in the United States, Canada, Australia, New Zealand, and Britain published a joint advisory sharing technical details on “the recently discovered cluster of activity... associated with a People’s Republic of China state-sponsored cyber actor, also known as Volt Typhoon”.
“Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory said.
Separately, Microsoft said in a blog post today that it “uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States”.
According to Microsoft, Volt Typhoon “typically focuses on espionage and information gathering”.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the tech company said.
Microsoft said that the group, active since mid-2021, has targeted critical infrastructure organisations in the US territory of Guam and elsewhere in the country, adding that the target of the activities appears to be to “perform espionage and maintain access without being detected for as long as possible”.
The company said organisations affected by the malicious campaign include maritime, government, and information technology, among others. – Bernama, May 25, 2023
