Spy Agencies Warn Of New Threats From Chinese Hackers

Uploaded on 2023-05-29 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Britain’s signals intelligence agency GCHQ has urged operators of critical national infrastructure, including energy and telecommunications networks, to take additional measures to prevent Chinese state-sponsored hackers from hiding on their systems.

 Now, the National Cyber Security Agency (NCSC) has shared a new warning about malicious Chinese hacking aimed at the UK's national infrastructure.

The NCSC, which is part of GCHQ, says that state-sponsored hackers have been spotted taking advantage of admin tools to derail projects and the warning is in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific. 

The NCSC issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean. 

Specifically, a malicious code was implanted in telecoms networks in the island of Guam, which is the location of a US military base expected to have a critical role in any American response to an invasion of Taiwanby China. The 'web shell' code was discovered soon after the exceptional event in which a Chinese spy balloon was shot down by US air defences in February. 

The Five Eyes intelligence group, the US, the UK, Australia, Canada and New Zealand, issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.

Microsoft has said that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam.It also said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” said Microsoft.

According to Microsoft, Volt Typhoon has been active since mid-2021 and used to target critical infrastructure in Guam and elsewhere in the United States. The affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. 

Another US cyber security company that contributed to the advisory notice, SecureWorks has said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.

Microsoft has added: "Affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."

Microsoft:     Five Eyes:    The Conversation:   Guardian:     Punchline:    The Times:   FT:   

You Might Also Read: 

NSA Warning: China Is Stealing AI Technology:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Enabling Quantum-Safe Cryptography
Europe - The DDoS Battlefield Of 2022 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NAVEX Global

NAVEX Global

NAVEX Global’s compliance management system consolidates your entire GRC program onto a scalable cloud-based platform.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

Relution

Relution

Relution is the Unified Endpoint Management platform for innovative companies and educational institutions. It enables you to manage your mobile apps and devices easily and securely.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

Darknone Global

Darknone Global

Darknone is a consortium of elite hackers and security leaders united by an unbridled passion for augmenting the security of the digital realm.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

Myrror Security

Myrror Security

Myrror Security is a software supply chain security solution that aids lean security teams in safeguarding their software against breaches.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.