Spy Agencies Warn Of New Threats From Chinese Hackers
Britain’s signals intelligence agency GCHQ has urged operators of critical national infrastructure, including energy and telecommunications networks, to take additional measures to prevent Chinese state-sponsored hackers from hiding on their systems.
Now, the National Cyber Security Agency (NCSC) has shared a new warning about malicious Chinese hacking aimed at the UK's national infrastructure.
The NCSC, which is part of GCHQ, says that state-sponsored hackers have been spotted taking advantage of admin tools to derail projects. The warning comes in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific.
The NCSC issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean.
Specifically, malicious code was implanted in telecoms networks on the island of Guam, which is the location of a US military base expected to have a critical role in any American response to an invasion of Taiwan by China. The 'web shell' code was discovered soon after the exceptional event in which a Chinese spy balloon was shot down by US air defences in February.
The Five Eyes intelligence group (the US, the UK, Australia, Canada and New Zealand) issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.
Microsoft has said that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam. It said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” said Microsoft.
According to Microsoft, Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure in Guam and elsewhere in the United States. The affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Another US cyber security company that contributed to the advisory notice, SecureWorks, has said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.
Microsoft has added: "Affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."