(Bloomberg) — An alleged campaign by Chinese state-sponsored hackers on targets in the United States and Guam has raised concerns that Beijing is preparing to disrupt communications in the Pacific in the event of a conflict.
The hacking campaign was first identified by Microsoft on Wednesday and quickly confirmed by authorities in the US, UK and other allied countries. Microsoft said the hacking group, which it called Volt Typhoon, breached government, telecommunications, manufacturing and information technology organizations in the United States and Guam, an important military outpost in the western Pacific.
While the identities of most of the hacking’s victims remain unknown, US Secretary of the Navy Carlos del Toro told CNBC on Thursday that the Navy has been affected by the hacks. The extent of the breach was not immediately known. A US Navy spokesman declined to “discuss the state of our networks”.
Meanwhile, Rob Joyce, the director of cybersecurity at the National Security Agency, told CNN on Thursday that Chinese hackers still had access to the sensitive US networks they targeted. Joyce said the intrusions stood out for their brazen “scope and scale”.
A representative for the NSA declined to comment and instead referred to a statement by the NSA and other US agencies regarding the Chinese hacking group.
Microsoft said it had “medium confidence” that the breaches were carried out in preparation for disrupting communications in the event of a future crisis. The company’s disclosure came amid growing concerns that China could take military action to enforce its claim to the self-ruled island of Taiwan.
John Darby, the NSA’s director of operations until his retirement in August after 39 years at the spy agency, said the operation matched a known method of hacking networks: getting at them at the edges rather than at what he called “the bulls-eye,” an approach that can let intruders remain undetected for years.
“The interesting thing is that they got in from home routers all the way into the US Navy’s infrastructure,” said Darby, who is not familiar with the specifics of this particular case.
“The scary thing is that they can then launch disruptive or destructive attacks when things hit the propeller,” he said. “If they are in these networks they can wreak havoc. You have to identify and communicate the vulnerabilities that allowed them to access these networks and eliminate them.”
The NSA, along with intelligence agencies from the United Kingdom, Australia, New Zealand and Canada, also shared more details about the hackers. These countries are all part of a major intelligence alliance, which includes sharing cybersecurity information, known as the Five Eyes.
China denied the hacking accusations.
“We have noted this extremely unprofessional report – a patchwork of discontinuous chain of evidence,” said Chinese Foreign Ministry spokesman Mao Ning. “It is clear that this was a mass disinformation campaign launched by the United States through the Five Eyes to serve its geopolitical agenda. It is widely known that the Five Eyes is the largest intelligence association in the world, and the NSA is the largest hacking group in the world.”
The United States has previously accused Chinese hackers of espionage and intellectual property theft, including the Office of Personnel Management data breach in 2015 and the Equifax hack in 2017. In 2014, a Senate panel found that Chinese government hackers had accessed data from military contractors, including airlines and technology companies.
It is not clear why Microsoft, the United States and its allies decided to highlight the hacking group this week. One reason may be to give private companies a head start in defending against this group of Chinese hackers long before a possible conflict with China over Taiwan, said John Hultquist, a senior analyst at Mandiant Intelligence, a Google subsidiary.
The onus of protecting critical infrastructure from dangerous, disruptive cyberattacks falls on the private sector. “They have to defend these networks,” Hultquist said. “That is why it is so important that this intelligence makes its way into their hands. If it doesn’t, it’s practically useless.”
Details about the alleged attacks provide rare insights into potential sabotage efforts by Chinese hackers, who are better known for their intellectual property theft and espionage capabilities. By contrast, Russian attacks on critical infrastructure, including hacks into Ukraine’s power grid, have been well documented by cybersecurity experts.
“The organization has been around for a long time,” said Dakota Carey, a consultant with Krebs Stamos Group, describing the hacking group. “When they walked over a line to get something of military operational value, that’s when it changed.”
— with the help of Margie Murphy.
(Updates with additional information throughout. An earlier version of this story corrected a misspelling.)
© 2023 Bloomberg LP