Chinese hackers are attacking critical infrastructure in the US and Guam

By Will Wisser
Posted on May 30, 2023

According to the findings of Microsoft, as well as the US government and four other countries, the cyberattacks are attributed to the Volt Typhoon group.

Recent investigations conducted by Microsoft, alongside the US government and four other nations, have shed light on the activities of a cybercrime group known as Volt Typhoon. According to the available data, Volt Typhoon has been operating stealthily for a minimum of two years, engaging in extensive espionage and gathering sensitive information on behalf of the People’s Republic of China.

To ensure their actions go unnoticed, these cybercriminals employ pre-existing tools and exploit compromised devices, manually controlling their operations to evade detection by automated security measures. A notable tactic employed by the group involves utilizing home and small office routers as intermediaries, establishing a covert infrastructure that allows them to communicate with infected systems through local internet service providers. By exploiting the compromised Small Office/Home Office (SOHO) networking peripherals, including routers from prominent manufacturers such as ASUS, Cisco, D-Link, NETGEAR, and Zyxel, Volt Typhoon redirects its network traffic to its designated targets. Alarming discoveries have revealed that many of these devices have exposed their HTTP or SSH management interfaces, which further facilitates the illicit activities.

Hackers target various industries, including government, manufacturing, communication, transportation, maritime and IT. This diverse array of targets suggests a comprehensive strategy aimed at acquiring valuable data and disrupting critical systems across various sectors.

Researchers and analysts strongly suspect that the primary objective of Volt Typhoon is to undermine communication channels between the United States and the Pacific region. The increasing tensions between the US and China have created an environment where these cybercriminals focus their efforts on Guam, a strategic location that houses a significant US military base. By compromising networks and systems in Guam, they seek to disrupt vital communication links, potentially hampering military operations and causing significant disruption in the region.

The activities of Volt Typhoon underscore the growing importance of robust cybersecurity measures to safeguard sensitive information, critical infrastructure, and international communication channels. The ongoing efforts to counter these cyber threats require enhanced collaboration between governments, organizations, and technology providers to mitigate the risks posed by sophisticated cybercriminals operating on behalf of nation-states.