Chinese Hackers Targeting US, Guam Aim to Disrupt Communications, Microsoft Says
(Bloomberg) -- A Chinese state-sponsored hacking group has stealthily gained access to infrastructure organizations in Guam and elsewhere in the US, with the likely aim of disrupting critical communications in the event of a crisis, according to Microsoft Corp.
In a report published Wednesday, Microsoft said the group known as Volt Typhoon had been active since mid-2021, targeting organizations that span manufacturing, construction, maritime, government, information technology and education. Microsoft said it notified targeted or compromised customers after assessing with “moderate confidence” that the hacks were being carried out in preparation to upend communications during a future crisis.
Guam, a US island territory located 1,600 miles (about 2,600 kilometers) east of Manila, has become an increasingly important military and strategic hub as tensions with China ratchet up — raising the possibility that China might take military action to enforce its claim to the self-ruled island of Taiwan.
Asked about hacking reports at a regular press briefing in Beijing on Thursday, Chinese Foreign Ministry spokeswoman Mao Ning dismissed such accusations as “false information.”
“The United States is expanding new channels for disseminating false information in addition to government agencies,” she said, referencing the participation of “some companies” without naming Microsoft.
Volt Typhoon initially gained access to the targeted organizations through internet-facing devices manufactured by Fortinet Inc., a Sunnyvale, California-based cybersecurity company, according to Microsoft, which added that it was still investigating how the hackers were able to access the equipment. The hackers used whatever privileges they could gain from the Fortinet devices to extract more credentials to authenticate to other devices on the networks, Microsoft said.
There, the hackers intended “to perform espionage and maintain access without being detected for as long as possible,” Microsoft said.
A representative for Fortinet didn’t respond to a request for comment.
--With assistance from Kelly Li.
(Adds response from China’s foreign ministry.)
©2023 Bloomberg L.P.