Microsoft has uncovered a state-sponsored hacking collective originating from China, engaged in nefarious activities aimed at covertly surveilling crucial infrastructure entities within the United States.
Volt Typhoon, operational since mid-2021, focuses on espionage and infiltrating vital systems across various sectors such as communications, manufacturing, utilities, transportation, construction, maritime, government, IT, and education. Their aim is to maintain undetected access for extended periods.
Microsoft acknowledges the challenge of detecting and mitigating Volt Typhoon’s activities. The group employs sophisticated techniques like fileless malware and exploits legitimate accounts to pilfer sensitive information. Microsoft believes Volt’s campaign aims to disrupt critical communication infrastructure between the United States and the Asian region during future crises.
The revelation of Volt’s activities by Microsoft has prompted the issuance of a Cybersecurity Advisory by the Cybersecurity and Infrastructure Security Agency (CISA). This disclosure has received further corroboration from Secureworks, a cybersecurity firm under Dell’s ownership, which has confirmed its engagement in countering multiple Volt Typhoon attacks. It is worth noting that this hacking collective is also known by the alias Bronze Silhouette.
According to Reuters, this extensive cyber-espionage campaign, attributed to China, targets the United States and may extend beyond its borders. The NSA and FBI, along with the Five Eyes intelligence alliance (US, Australia, Canada, New Zealand, UK), are investigating potential breaches by Volt Typhoon in other countries.
China has vehemently denied the allegations, dismissing them as part of a “collective disinformation campaign” orchestrated by the United States and its allies. Mao Ning, the spokesperson for the Chinese foreign ministry, retorted by accusing Washington of engaging in hacking activities and boldly declaring, “The United States is the empire of hacking.”
