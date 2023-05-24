

A Chinese government espionage group has hacked into critical infrastructure in multiple locations, including the island territory of Guam, a key U.S. outpost in any conflict involving Taiwan, officials warned Tuesday. Though there has been no destruction of electronic data or equipment, the intruders could be laying the groundwork to disrupt communications between North America and Asia in the event of a military confrontation, according to researchers at Microsoft, which detected the infiltration.

U.S. agencies and those of America’s closest allies issued a rare joint report advising organizations on how to hunt for signs of intrusion by the same group and how to shore up defenses. The “Five Eyes” intelligence alliance said that facilities in the United Kingdom, Canada, Australia and New Zealand could be targeted as well.

The hacking activity by the group was first detected two years ago, Microsoft and others said. The newest campaign uses compromised Fortinet devices, likely taking advantage of an unpublicized flaw in that software. Microsoft said it had notified the victims.

“We recognize the actor from a series of intrusions that have targeted air, maritime and land transportation targets, as well as other organizations,” said John Hultquist, chief analyst at Google’s Mandiant Intelligence. “There are a variety of reasons actors target critical infrastructure, but a persistent focus on these sectors may indicate preparation for disruptive or destructive cyberattack.”

Russia and the United States also penetrate networks in other nations and try to establish a persistent, undetected presence. In recent years, the Americans have also moved to disclose more about the intrusions on U.S. shores to make adversaries work harder and use new techniques.

In this case, attributed to a Chinese group dubbed Volt Typhoon, detection is harder because the hackers use legitimate credentials and software commands to move around the networks, a technique known as “living off the land,” according to officials from the National Security Agency, the FBI and the Cybersecurity and Infrastructure Security Agency. The intruders hide their initial access, as well, using small-office routers before reaching the Fortinet gear.

“Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity,” CISA director Jen Easterly said in a joint press statement.

A CISA spokesperson declined to answer questions about the significance of Guam as a target.

This is a developing story. Please check back for updates.

