WASHINGTON: A state-sponsored Chinese hacking group has been spying on a wide range of US critical infrastructure organisations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said on Wednesday.

The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding that “mitigating this attack could be challenging.” While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure.

Chinese foreign ministry spokesperson Mao Ning said on Thursday the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the US, Canada, New Zealand, Australia and the UK.

Mao said the campaign was launched by the US for geopolitical reasons and that the report from Microsoft analysts showed that the US government was expanding its channels of disinformation beyond government agencies.

Beijing rejects claim, says it is ‘collective disinformation campaign’

“But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking,” she told a regular press briefing in Beijing.

It was not immediately clear how many organisations were affected, but the US National Security Agency (NSA) said it was working with partners, as well as the US Federal Bureau of Investigation to identify breaches. Canada, UK, Australia and New Zealand warned they could be targeted by the hackers too.

Microsoft analysts said they had “moderate confidence” this Chinese group, which it dubbed as ‘Volt Typhoon’, was developing capabilities that could disrupt critical communications infrastructure between the US and Asia region during future crises.

“It means they are preparing for that possibility,” said John Hultquist, who heads threat analysis at Google’s Mandiant Intelli­gence.

The Chinese activity is unique and worrying also because analysts don’t yet have enough visibility on what this group might be capable of, he added.

“There is greater interest in this actor because of the geopolitical situation.” As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.

Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems,” Paul Chichester, director at the UK’s National Cyber Security Centre said in a joint statement with the NSA.

Published in Dawn, May 26th, 2023