Chinese spies may disrupt US infrastructure, warns analysis.

Chinese Hackers Conducting Cyberespionage Campaign Against US Military and Government Targets

A group of Chinese hackers who recently triggered a multi-nation alert have been conducting a cyberespionage campaign against military and government targets in the United States, researchers said on Thursday.

The Chinese government has rejected assertions that its spies are going after Western targets, calling the joint warning issued by the United States and its allies a “collective disinformation campaign”.

The group—dubbed “Volt Typhoon” by Microsoft—was the subject of an alert issued by cybersecurity and intelligence agencies in the United States, Britain and their close allies.

Targeting US Defense and Government Verticals

• Chinese cyber spies have been seen to “primarily target organizations in the U.S. in defense and government verticals (fields), primarily for espionage purposes”, according to researcher Marc Burnard, whose organization—Secureworks—has dealt with several intrusions tied to Volt Typhoon.

The analysis by Secureworks—an arm of Dell Technologies—adds context to the warning issued on Wednesday by Microsoft.

That warning said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia region during future crises” – a nod to escalating tensions between China and the United States over Taiwan and other issues.

The group has targeted critical infrastructure organizations in the U.S. Pacific territory of Guam, Microsoft said.

The reference to potentially disruptive activity drew widespread attention. Fortinet, whose FortiGuard devices Microsoft said were being abused by Volt Typhoon to break into its targets, saw its shares fall more than 2 percent.

Focus on Stealing Information on US Military Activities

• Burnard said Secureworks had seen no evidence of destructive activity by Volt Typhoon, but that in general its hackers were focused on stealing information that would “shed light on U.S. military activities”.

He declined to name the “handful” of victims which Secureworks had helped to deal with Volt Typhoon.

Chinese foreign ministry spokesperson Mao Ning told reporters that the alerts, issued by the United States, Britain, Canada, Australia and New Zealand were intended to promote their intelligence alliance, known as the Five Eyes – and that it was Washington that was guilty of hacking.

“The United States is the empire of hacking,” Mao said.

(Reporting by James Pearson and Raphael Satter; editing by William Maclean and Mark Heinrich)

Published under: China

This article reveals that a group of Chinese hackers have been conducting a cyberespionage campaign against military and government targets in the United States. The group, known as “Volt Typhoon,” has been primarily targeting organizations in the US defense and government verticals for espionage purposes. The article also highlights the potential for disruptive activity by the group, which has drawn widespread attention. However, there is no evidence of destructive activity by Volt Typhoon, and their focus is on stealing information that would shed light on US military activities. The Chinese government has rejected these assertions, calling the joint warning issued by the United States and its allies a “collective disinformation campaign.”