Microsoft Uncovers Chinese State-Sponsored Cyber Attack Threatening Critical US Infrastructure


Will Young

Microsoft has issued a stark warning about the rising threats to the critical infrastructure of the United States. The company, based in Redmond, Washington, reported on Wednesday that it had detected “stealthy and targeted malicious activity” perpetrated by a state-sponsored actor from China. These cyber attacks, according to Microsoft, aim at disrupting the operations of “critical infrastructure organizations” within the United States, highlighting an escalating trend in cyber threats against crucial U.S. assets.

In a detailed security blog post, Microsoft disclosed that this covert operation, dubbed the “Volt Typhoon” campaign, has been actively executing its malicious activities since mid-2021. The sectors targeted by the campaign are notably diverse, encompassing a wide array of organizations within the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. These attacks have been concentrated not only on mainland U.S. entities but also extended to organizations situated in the U.S. territory of Guam.

Microsoft’s cybersecurity analysts have deduced that the Volt Typhoon campaign poses a significant risk of disrupting critical communications infrastructure connecting the United States and the Asia region in the event of future crises. This finding is particularly concerning, given the geopolitical tensions simmering in the Indo-Pacific region. The patterns of behavior observed throughout the campaign further suggest that the hackers’ primary objectives are to perform covert espionage activities and to maintain their unauthorized access to the compromised networks for an extended period without being detected.

This recent cyber attack set off alarms among U.S. officials and cybersecurity experts. The New York Times reported that the strike has sparked significant concerns due to the strategic importance of Guam in the context of potential military conflicts involving the United States. With its vast Pacific ports and a substantial American air base, Guam would play a crucial role in any American military response to a potential invasion or blockade of Taiwan.

U.S. military strategists, through their “tabletop” exercises which simulate a potential Chinese invasion scenario, have posited that one of China’s initial moves in such a conflict would be to sever American communications. Such action would effectively hinder the United States’ ability to respond swiftly and decisively to an invasion, underscoring the strategic importance of the communication infrastructure that the Volt Typhoon campaign is targeting.


Microsoft’s blog post gives a detailed account of how the Volt Typhoon campaign operates. It describes the tactics the campaign uses to achieve its objectives, including how it gains initial access to its targets and how it maintains unauthorized access to compromised networks. Specifically, the campaign gains initial access to targeted organizations through a vulnerable internet-facing cybersecurity suite known as Fortinet FortiGuard.

In response to the alarming findings surrounding the Volt Typhoon campaign, Microsoft has offered recommendations to organizations that may be affected. The company advises them to promptly close, or change the credentials of, all accounts compromised in the attack. This measure, Microsoft suggests, is a crucial first step in limiting the damage caused by the campaign and in preventing further unauthorized access to critical information and infrastructure.

The alert issued by Microsoft underscores the urgent need for robust cybersecurity measures and threat intelligence capabilities to protect critical infrastructure and assets from sophisticated and persistent cyber threats. As state-sponsored cyber attacks continue to rise in frequency and sophistication, it has become imperative for organizations in all sectors to take proactive measures to safeguard their digital assets and to prepare for potential cyber crises.
