Chinese spy hit on US military base sparks fears of communications blackout
Chinese state-backed hackers have infiltrated US communication systems in the Pacific, prompting fears that Beijing could cut off American military channels during an invasion of Taiwan.
Security researchers at Microsoft said hackers codenamed “Volt Typhoon” were caught infiltrating critical national infrastructure on the Pacific island of Guam, which acts as a crucial military staging post for the US in the region.
Microsoft said the “stealthy and targeted” campaign had been ongoing since at least 2021 and “has targeted critical infrastructure organisations in Guam and elsewhere in the United States.”
“In this campaign, the affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors,” researchers said.
Hackers appear to be using their access to spy on US operations but Microsoft warned that the group was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
The discovery of the Volt Typhoon operation will raise fears that China might try to cut off US communications in the region during an invasion of Taiwan.
Chinese President Xi Jinping believes Taiwan is rightfully part of his country and has vowed to take control of the island.
Taiwan has long been an ally of the US and President Joe Biden has repeatedly pledged to come to the nation’s military aid if it is threatened by Beijing.
Guam is a major staging post for the US military in the western Pacific. The US island territory, which is less than 2,000 miles from Taiwan, would play a significant part in America’s response to a Chinese invasion.
Guam also hosts critical communications infrastructure in the region. A major telecoms cable linking Japan and Australia runs through the island, while another connects Taiwan and Singapore to Tokyo.
The discovery of the Chinese state hacker gang triggered a worldwide alert by the Five Eyes espionage alliance.
The US Cybersecurity and Infrastructure Security Agency said: “Private sector partners have identified that this activity affects networks across US critical infrastructure sectors.”
Australia, Britain, Canada and New Zealand all echoed the US warning, cautioning providers of services such as telecoms, energy, ports and pipelines to be on red alert for further Chinese intrusions.
Paul Chichester, director of operations at the National Cyber Security Centre, GCHQ’s defensive arm, said: “It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems.”
Marc Burnard, lead China researcher with cyber security company Secureworks, said the Chinese spies had worked exceptionally hard to cover their tracks.
Hackers had disguised themselves unusually well by only using tools built into Microsoft Windows to carry out their spying.
Typically, state-backed hackers deploy custom-written software to achieve their aims. This malicious software, or malware, almost always leaves traces that allow security personnel to track down the spies.
US officials have been stepping up investigations into alleged spying by Chinese nationals in recent years amid mounting tensions between the two countries. The US Department of Justice handed down indictments in 2020 and 2021 linked to alleged cyber spying and hacking.
Mr Burnard said: “These tradecraft developments have likely been driven by a series of high-profile US Department of Justice indictments of Chinese nationals allegedly involved in cyberespionage activity.”
Jamie McColl, a research fellow with the Royal United Services Institute think-tank specialising in cyber security, said the Volt Typhoon campaign signalled “a shift in Chinese activity, which has historically not been concerned about being detected.”
“It’s not that often you see these joint attributions across every Five Eyes member, particularly with China… so this is quite notable.”
John Hultquist, chief analyst of Google-owned cyber security company Mandiant, said: “China’s attack capability has been very opaque and very difficult to find, frankly… [before now] they haven’t really shown us what they’re capable of.”
Don Smith, Secureworks’ vice president of threat research, said: “Being caught is the worst possible thing if you’re a hostile state actor, because that can then be used for either covert or overt diplomatic embarrassment - like today.”
China rejected the US-led accusations on Thursday, claiming they were part of a “collective disinformation campaign”.
Official spokesman Mao Ning told Reuters: “The United States is the empire of hacking.”