Five Eyes: China-sponsored hackers spying on U.S. infrastructure

May 25 (UPI) -- A Chinese state-sponsored hacking group has been spying on critical U.S. infrastructure sectors, Western intelligence agencies said, while warning the international community that the surveillance campaign may be worldwide.

The Five Eyes intelligence alliance of Australia, Britain, Canada, New Zealand and the United States issued a joint Cybersecurity Advisory on Wednesday, stating they had recently discovered a "cluster of activity" associated with the Chinese state-sponsored hacking group Volt Typhoon.


Microsoft separately said in a statement that Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.

Calling the hackers' work "stealthy and targeted malicious activity," the U.S. computer giant said the Chinese espionage campaign targets organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," it said.

"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."


Both Microsoft and Five Eyes said Volt Typhoon relies on so-called living-off-the-land techniques, which use built-in network administration tools to evade detection by appearing as part of the normal Windows system.

The advisory warns that many of the behavioral indicators of a breach can also be legitimate system administration commands that appear in "benign activity," and that "care should be taken not to assume that findings are malicious without further investigation or other indications of compromise."

The Canadian Center for Cyber Security added in a separate statement that it has no reports of Canadian victims but warned that, since Western economies are deeply interconnected, "an attack on one can impact the other."

It added that the warning is "especially important" due to the difficulty in identifying this specific attack.

"The state-sponsored cyber programs of China, Russia, Iran and North Korea pose the greatest strategic cyber threats to Canada," it said. "State-sponsored cyberthreat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states."
