Spy Agencies Warn Of New Threats From Chinese Hackers

Uploaded on 2023-05-29 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Britain’s signals intelligence agency GCHQ has urged operators of critical national infrastructure, including energy and telecommunications networks, to take additional measures to prevent Chinese state-sponsored hackers from hiding on their systems.

 Now, the National Cyber Security Agency (NCSC) has shared a new warning about malicious Chinese hacking aimed at the UK's national infrastructure.

The NCSC, which is part of GCHQ, says that state-sponsored hackers have been spotted taking advantage of admin tools to derail projects and the warning is in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific. 

The NCSC issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean. 

Specifically, a malicious code was implanted in telecoms networks in the island of Guam, which is the location of a US military base expected to have a critical role in any American response to an invasion of Taiwanby China. The 'web shell' code was discovered soon after the exceptional event in which a Chinese spy balloon was shot down by US air defences in February. 

The Five Eyes intelligence group, the US, the UK, Australia, Canada and New Zealand, issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.

Microsoft has said that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam.It also said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” said Microsoft.

According to Microsoft, Volt Typhoon has been active since mid-2021 and used to target critical infrastructure in Guam and elsewhere in the United States. The affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. 

Another US cyber security company that contributed to the advisory notice, SecureWorks has said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.

Microsoft has added: "Affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."

Microsoft:     Five Eyes:    The Conversation:   Guardian:     Punchline:    The Times:   FT:   

You Might Also Read: 

NSA Warning: China Is Stealing AI Technology:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Enabling Quantum-Safe Cryptography
Europe - The DDoS Battlefield Of 2022 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

LogmeOnce

LogmeOnce

LogmeOnce provides users with solution to multiple Password problems, Single Sign-On (SSO), and Identity Management.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

Certes

Certes

Certes is a pioneer in delivering cutting-edge security technology solutions, with a specific focus on Data Protection Risk Mitigation (DPRM).

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Meterian

Meterian

The Meterian Platform is a fuss-free solution to protect you against vulnerabilities in your app’s software supply chain.

MCPc

MCPc

MCPc improves the security and well-being of our clients. We protect data, manage the complexity and sustainability of technology, empower employee performance, and ultimately reduce business risk.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.