Spy Agencies Warn Of New Threats From Chinese Hackers

Uploaded on 2023-05-29 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Britain’s signals intelligence agency GCHQ has urged operators of critical national infrastructure, including energy and telecommunications networks, to take additional measures to prevent Chinese state-sponsored hackers from hiding on their systems.

 Now, the National Cyber Security Agency (NCSC) has shared a new warning about malicious Chinese hacking aimed at the UK's national infrastructure.

The NCSC, which is part of GCHQ, says that state-sponsored hackers have been spotted taking advantage of admin tools to derail projects and the warning is in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific. 

The NCSC issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean. 

Specifically, a malicious code was implanted in telecoms networks in the island of Guam, which is the location of a US military base expected to have a critical role in any American response to an invasion of Taiwanby China. The 'web shell' code was discovered soon after the exceptional event in which a Chinese spy balloon was shot down by US air defences in February. 

The Five Eyes intelligence group, the US, the UK, Australia, Canada and New Zealand, issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.

Microsoft has said that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam.It also said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” said Microsoft.

According to Microsoft, Volt Typhoon has been active since mid-2021 and used to target critical infrastructure in Guam and elsewhere in the United States. The affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. 

Another US cyber security company that contributed to the advisory notice, SecureWorks has said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.

Microsoft has added: "Affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."

Microsoft:     Five Eyes:    The Conversation:   Guardian:     Punchline:    The Times:   FT:   

You Might Also Read: 

NSA Warning: China Is Stealing AI Technology:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Enabling Quantum-Safe Cryptography
Europe - The DDoS Battlefield Of 2022 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

CyberPoint

CyberPoint

CyberPoint delivers innovative, leading-edge cyber security products, solutions, and services to customers worldwide.

Arsenal Recon

Arsenal Recon

Arsenal Recon are digital forensics experts, providing consultancy services and powerful software tools to improve the analysis of electronic evidence.

Network Box

Network Box

Network Box is one of the world's leading Managed Security Service Providers.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

Cynterra

Cynterra

Cynterra is a next generation cloud cyber security and data analytical service provider offering cloud security compliance, data protection, visibility and threat protection services.

Swascan

Swascan

Swascan is the first all-in-one, GDPR Compliant, Cloud Security Suite Platform. GDPR Assessment, Web Application Scan, Network Scan, Code Review.

VaultOne

VaultOne

VaultOne is a next-generation security solution that addresses security issues from different domains (Password Manager, Secure Access, PAM, Identity Management) as a single, integrated solution.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Modern Networks

Modern Networks

Modern Networks is a leading provider of IT managed services to the UK’s commercial property sector and medium sized enterprises.

CyberMaxx

CyberMaxx

At CyberMaxx, our approach to cybersecurity provides end-to-end coverage for our customers – we use offense to fuel defense.