Microsoft and the Five Eyes intelligence alliance have warned that a Chinese state-backed group has hacked critical American infrastructure, including in the US territory of Guam.
The US Department of Cybersecurity and Infrastructure Security (CISA) has issued a joint warning with its “Five Eyes” partner organizations in the UK, Canada, Australia and New Zealand that “Volt Typhoon” hackers pose a threat to all five countries.
Guam is home to three US military bases, and the western Pacific island could play an important strategic role should the US respond to any possible Chinese military attack on Taiwan or a blockade of Taiwan.
The likely purpose of the operation is to disrupt critical communications infrastructure between the United States and the Asian region during future crises, according to a blog post by Microsoft that identified the hacking.
Microsoft said in its blog post that the China-based state-sponsored actor typically focuses on espionage and information gathering. “This attack can be difficult to detect and mitigate,” Microsoft said.
According to Microsoft, “Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.”
“In this campaign, the affected organizations cover the communications, manufacturing, services, transportation, construction, maritime, government, information technology and education sectors. Observed behavior indicates that the threat actor plans to perform espionage and maintain access undetected for any purpose,” it said.