Chinese hackers targeting national infrastructure, warn Cyber Security chiefs

‘China is the largest threat we face’, says Liz Truss

The UK National Cyber Security Centre has warned Chinese cyber activity has been detected targeting critical national infrastructure network. In an update on Wednesday evening, the NCSC, which is part of GCHQ, said they and their counterparts in the US, Australia, Canada and New Zealand are issuing new advice to “help organisations detect Chinese state-sponsored activity being carried out against critical national infrastructure networks”.

They added: “The actor has been observed taking advantage of built-in network administration tools on targets’ systems to evade detection after an initial compromise.”

Paul Chichester, NCSC Director of Operations, said: “It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners.

“We strongly encourage providers of UK essential services to follow our guidance to help detect this malicious activity and prevent persistent compromise.”

The warning comes as state-backed Chinese hackers could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises, Microsoft said Wednesday.

The targets include sites in Guam, where the US has a major military presence, the company said.

Hostile activity in cyberspace — from espionage to the advanced positioning of malware for potential future attacks — has become a hallmark of modern geopolitical rivalry.

Microsoft said in a blog post that the state-sponsored group of hackers, which it calls Volt Typhoon, has been active since mid-2021. It said organisations affected by the hacking — which seeks persistent access — are in the communications, manufacturing, utility, transportation, construction, maritime, information technology and education sectors.

A Microsoft spokesman would not say why the software giant was making the announcement now or whether it had recently seen an uptick in targeting of critical infrastructure in Guam or at adjacent US military facilities there, which include a major air base.

John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, called Microsoft’s announcement “potentially a really important finding”.

“We don’t see a lot of this sort of probing from China. It’s rare,” Hultquist said. “We know a lot about Russian and North Korean and Iranian cyber-capabilities because they have regularly done this.” China has generally withheld use of the kinds of tools that could be used to seed, not just intelligence-gathering capabilities, but also malware for disruptive attacks in an armed conflict, he added.

Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained initial access through internet-facing Fortiguard devices, which are engineered to use machine-learning to detect malware.

Don’t miss…
China investment in Pakistan has destabilised entire nation – COMMENT[COMMENT]
Global blood clot stroke death toll to treble by 2030, warns China[DATA]
China warns US against ‘geopolitical games’ in the South Pacific[INSIGHT]

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organisations around the globe,” said CISA Director Jen Easterly, urging mitigation of affected networks to prevent possible disruption. Bryan Vorndran, the FBI cyber division assistant director, called the intrusions “unacceptable tactics” in the same statement.

Tensions between Washington and Beijing — which the US national security establishment considers its main military, economic and strategic rival — have been on the rise in recent months.

Those tensions spiked last year after then-House Speaker Nancy Pelosi’s visit to democratically governed Taiwan, leading China, which claims the island as its territory, to launch military exercises around Taiwan.

US-China relations became further strained earlier this year after the US shot down a Chinese spy balloon that had crossed the United States.

Source: Read Full Article