Microsoft warns that China hackers attacked U.S. infrastructure
The Chinese state-backed hacking group “Volt Typhoon” has reportedly breached critical US cyber infrastructure across multiple industries, with Microsoft warning customers that the attack is still ongoing. In a new advisory, Microsoft said the group is working to disrupt critical communications infrastructure between the US and Asia, apparently to hinder attempts to collaborate during “future crises.” The hacking group has been operating since mid-2021, and according to the advisory, the attackers have infiltrated nearly every critical sector, including government organizations, communications, transportation, and maritime industries. Microsoft has urged impacted customers to “close or change credentials for all compromised accounts.”
FAQs:
What is “Volt Typhoon”?
“Volt Typhoon” is a Chinese state-sponsored hacking group that has been operating since mid-2021. It has targeted U.S. critical infrastructure across multiple industries, with a focus on gathering intelligence.
What should I do if I think I’m impacted by the attack?
Microsoft has urged impacted customers to “close or change credentials for all compromised accounts.”
What is the group’s objective?
According to Microsoft, the group isn’t looking to create disruption yet. Rather, “the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
China Hackers Targeted U.S. Infrastructure, Says Microsoft Warning
Microsoft has issued a warning that Chinese state-sponsored hackers, known as “Volt Typhoon,” have breached “critical” US cyber infrastructure across multiple sectors. Their focus is on intelligence gathering, but the hackers are also attempting to disrupt essential communications infrastructure between the US and Asia. The group is believed to have been in operation since mid-2021, and Microsoft has urged impacted customers to change credentials for all compromised accounts. The hackers are able to infiltrate organizations using an unknown vulnerability in a widely used cybersecurity suite called FortiGuard. Once inside, the group steals user credentials from the security system and attempts to access other corporate systems. The breach reportedly affects infrastructure in nearly every major sector, including communications, transport, and maritime industries, as well as government organizations.