Microsoft warned that Chinese state-sponsored hackers dubbed “Volt Typhoon” attacked critical US infrastructure.
“Volt Typhoon is able to infiltrate organizations using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems,” CNBC reported.
The Chinese hacking group attacked numerous industries with the intent to gather US intelligence.
The cyber-attacks became known to US intelligence agencies in February, around the time a Chinese spy balloon soared over the continental US.
Microsoft warned on Wednesday that Chinese state-sponsored hackers had compromised “critical” U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence.
The Chinese hacking group, codenamed “Volt Typhoon,” has operated since mid-2021, Microsoft said in an advisory. The organization is apparently working to disrupt “critical communications infrastructure between the United States and Asia,” Microsoft said, to stymie efforts during “future crises.”
The National Security Agency put out a bulletin on Wednesday, detailing how the hack works and how cybersecurity teams should respond.
The attack is apparently ongoing. In an advisory, Microsoft urged impacted customers to “close or change credentials for all compromised accounts.”
The infiltration was focused on communications infrastructure in Guam and other parts of the U.S., the Times reported, and was particularly alarming to U.S. intelligence because Guam sits at the heart of an American military response in case of a Taiwanese invasion.