Cyber alarm raised on China threat
By Simon Hacker | 25th May 2023
GCHQ's cyber security arm has shared a new warning on malicious Chinese hacking that could be aimed at the UK's national infrastructure.
The National Cyber Security Centre (NCSC) says state-sponsored hackers have been spotted taking advantage of admin tools to derail projects, and the warning comes in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific.
Specifically, malicious code was implanted in telecoms in Guam; the 'web shell' code was discovered soon after the incident in which a Chinese spy balloon was shot down by US air defences in February.
The US and other members of the Five Eyes security organisation (Britain, Australia, New Zealand and Canada) have subsequently issued guidance on detection and removal of the code.
The Times newspaper reports that Microsoft has named the Chinese hacking group "Volt Typhoon".
"The giant US computer company said it was a state-sponsored Chinese programme aimed not only at American critical infrastructure but also maritime operations and transportation," said the paper.
So far, no damage has been reported from the attempt to exploit access and launch any offensive attack, says Microsoft, but the tech giant says the discovery serves as a warning of China's potential ability to strike at crucial telecommunications networks at will.
Microsoft added that it believes the Volt Typhoon operation, which has been ongoing since the summer of 2021, exists to develop capabilities that could "disrupt critical communications infrastructure between the US and Asia region during future crises".
Recommendations issued to UK infrastructure companies include what indicators providers should look out for and examples of techniques deployed.
Microsoft added: "Affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."
Copyright 2023 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.