The United States State Department has warned about China’s potential to launch cyberattacks that could disrupt critical American infrastructure. This warning comes after revelations that a Chinese hacking group infiltrated the networks of oil and gas pipelines and rail systems.
Earlier this week, an international alert had identified a Chinese cyberespionage operation aimed at US military and governmental targets. During a press briefing on Thursday, State Department spokesperson Matthew Miller said, “The US intelligence community assesses that China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.”
The espionage group, referred to as “Volt Typhoon” by Microsoft, became the subject of an alert disseminated by cybersecurity and intelligence agencies in the US, Australia, Canada, New Zealand, and the United Kingdom – a group colloquially known as the “Five Eyes” – on Wednesday. Microsoft researchers have posited that Volt Typhoon is developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
Microsoft also explained Volt Typhoon’s mode of operation, which relies on “living off the land” attacks. This type of cyber threat employs fileless malware that manipulates existing programs to conduct attacks instead of depositing files on the target system. The tech corporation further explained that Volt Typhoon’s modus operandi involves blending in with regular network activity by redirecting data through office and home networking equipment such as routers, firewalls, and VPNs, thereby rendering detection exceedingly challenging.
According to Microsoft, the hacking group has targeted critical infrastructure organizations in the US Pacific territory of Guam. The company also pointed out that Volt Typhoon exploited the security firm Fortinet’s FortiGuard devices to gain unauthorized access to its targets. Concurrently, the US Cybersecurity and Infrastructure Security Agency (CISA) disclosed that it was working to ascertain “the breadth of potential intrusions and associated impacts.”
In the face of these allegations, the Chinese government has dismissed the joint warning issued by the US and its allies as a “collective disinformation campaign.” Mao Ning, a spokesperson for China’s foreign ministry, called the Five Eyes alert a ploy by the member countries to bolster their intelligence alliance, while contending that the US was the true culprit of hacking activities.