Five Eyes cyber agencies attribute recent cyberattacks on US critical infrastructure to China, China refutes claims

The affected organisations reportedly span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

 Flag, American Flag

The intelligence agencies of the USA, Australia, New Zealand, and the UK have collectively attributed a recent cluster of cyber activities on US critical infrastructure to the Chinese state-sponsored hacking group Volt Typhon.

The advisory revealed that Volt Typhoon employed a ‘living off the land’ technique, utilising legitimate system tools to evade detection by blending in with normal Windows activities. The advisory and Microsoft’s write-up about the Volt Typhoon’s attacks in Guam both caution that defending from such a cyberattack could be challenging, as some command lines may be false positive indicators of malicious activity.

image 7

Volt Typhoon attack diagram. Source: Microsoft

Microsoft stated that the group aimed for espionage and information gathering, maintaining access without being detected. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is developing capabilities that could disrupt critical communications infrastructure between the USA and Asia region during future crises.

China has ‘taken note of the report,’ China’s foreign ministry spokesperson Mao Ning stated, describing it as ‘patched together, with a serious lack of evidence and is extremely unprofessional ‘. She continued: ‘Obviously, this is a collective disinformation campaign by the United States to mobilise the Five Eyes countries for geopolitical purposes.’ Mao further noted that ‘involvement of certain companies in this shows that the US is expanding new channels for spreading disinformation’ and finished by noting, ‘But no matter how the tactics change, it does not change the fact that the US is the empire of hacking.’