A Chinese government hacking group has acquired a significant foothold inside critical infrastructure environments throughout the US and Guam and is stealing network credentials and sensitive data while remaining largely undetectable, Microsoft and governments from the US and four other countries said on Wednesday.
The group, tracked by Microsoft under the name Volt Typhoon, has been active for at least two years with a focus on espionage and information gathering for the People’s Republic of China, Microsoft said. To remain stealthy, the hackers use tools already installed or built into infected devices that are manually controlled by the attackers rather than being automated, a technique known as “living off the land.” In addition to being revealed by Microsoft, the campaign was also documented in an advisory jointly published by:
• US Cybersecurity and Infrastructure Security Agency (CISA)
• US Federal Bureau of Investigation (FBI)
• Australian Cyber Security Centre (ACSC)
• Canadian Centre for Cyber Security (CCCS)
• New Zealand National Cyber Security Centre (NCSC-NZ)
• United Kingdom National Cyber Security Centre (NCSC-UK)