

Chinese state hackers infiltrate US and Guam critical infrastructure, steal sensitive data

Chinese state hackers employed stealthy techniques and leveraged compromised devices for cyber espionage.

Tibi Puiu
May 25, 2023 @ 10:45 pm


Illustration of hacker with abstract background
Credit: Pixabay.

Chinese government-sponsored hackers have managed to infiltrate critical infrastructure systems across the United States and Guam, conducting covert cyber espionage operations and stealing sensitive data, according to reports by Microsoft and government agencies, including the NSA and FBI.

These foreign hackers, known as the ‘Volt Typhoon’ group, have been operating for at least two years, remaining undetected while targeting crucial information for the People’s Republic of China.

Living off the land hacking

To maintain their stealthy presence, the Volt Typhoon hackers employ a sneaky technique called “living off the land.” Hackers typically install external tools or malware to infiltrate vulnerable devices. However, the Volt Typhoon technique targets existing software and features already present on compromised devices. By doing so, they avoid attracting attention from security systems that typically detect the presence of malicious software.

“To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity,” the Microsoft researchers wrote in their advisory report.

The data stolen by the Chinese hackers includes credentials, which are then used to further obscure the hacking activity. For instance, the attackers blend in with normal network traffic by passing it through compromised small office and home office (SOHO) network equipment such as routers, firewalls, and VPN hardware.

This way, when security analysts examine network traffic for patterns of suspicious activity, they see no red flags: traffic that appears to come from Guam or California is spoofed, masking activity coordinated all the way from China.

To first gain access to critical US-based infrastructure, the hackers seem to have found a back door in Internet-facing Fortinet FortiGuard devices, Ars Technica reported. Ironically, these are security appliances designed to protect networks from various threats. However, when these devices are left unpatched or have unaddressed vulnerabilities, they become susceptible to exploitation by hackers.

In the Volt Typhoon campaign, the hackers exploit these vulnerabilities in FortiGuard devices to gain unauthorized access to a network. Once they have compromised the device, they extract credentials from the network’s Active Directory, the database that stores usernames, password hashes, and other sensitive data related to user accounts. With these credentials in hand, the hackers can then proceed to infect other devices within the network, expanding their reach and control.

What’s at stake?

The industries affected by these cyber intrusions span a wide range, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.

According to Microsoft researchers, the Volt Typhoon campaign likely aims to develop capabilities for disrupting critical communications infrastructure between the United States and the Asia region during potential future crises.

Guam is of particular strategic importance as it hosts important Pacific ports and an air base utilized by the US military. As tensions rise over issues like Taiwan, Guam has become a focal point due to its critical position.

The United States has long followed a policy of “strategic ambiguity” on whether it would intervene militarily to protect Taiwan in the event of a Chinese attack. However, U.S. President Joe Biden has said he would be willing to use force to defend it. In the event of such action, the U.S. would effectively go to war with China, which would most likely activate and disrupt the hacked systems from day one.

While the Volt Typhoon hack has now been exposed, there may be many other systems and networks that are currently compromised but the hacking has yet to be detected.

Besides Taiwan, the US and China are engaged in tussling over a range of issues, including trade and technology transfer. In order to hamper Chinese influence, the US has introduced various export controls, most notably on semiconductors, and is even seriously considering banning the popular social media application TikTok, owned by China’s ByteDance.

In turn, China has introduced its own control measures. For instance, products from the U.S.-based memory chip maker Micron are banned in China, citing national security.

One of the most significant clashes between the two powers occurred in February when the U.S. Air Force shot down what it says was a Chinese spy balloon over American airspace. China denied the accusation, saying the airship was simply a weather balloon that had run off course.

To help organizations detect and mitigate these attacks, the advisory provides indicators of compromise that administrators can use to identify potential infections. For instance, compromised systems may exhibit successful sign-ins from unfamiliar IP addresses, followed by unusual command-line activity associated with the same user account.
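A minimal illustration of that detection hint, written for this article and not part of the advisory or Microsoft's tooling: it correlates successful sign-ins from IP addresses outside an account's known baseline with command-line activity by the same account shortly afterwards. The log format, the baseline table and the sample lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "ts host EVENT user=... src=|cmd=..." format;
# illustrative only, not indicators from the advisory.
SAMPLE_LOGS = """\
2023-05-20T01:02:03 srv01 LOGON user=svc_backup src=10.0.0.5
2023-05-20T01:03:00 srv01 CMDLINE user=svc_backup cmd=backup.exe /full
2023-05-20T02:15:40 srv01 LOGON user=svc_backup src=198.51.100.77
2023-05-20T02:16:05 srv01 CMDLINE user=svc_backup cmd=whoami
2023-05-20T02:17:30 srv01 CMDLINE user=svc_backup cmd=ipconfig /all
2023-05-20T03:00:00 srv01 LOGON user=jdoe src=10.0.0.9
2023-05-20T03:01:00 srv01 CMDLINE user=jdoe cmd=notepad.exe report.txt
"""
# Assumed per-account baseline of source IPs seen in normal use (e.g. last 30 days).
KNOWN_IPS = {"svc_backup": {"10.0.0.5"}, "jdoe": {"10.0.0.9", "10.0.0.10"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<ev>LOGON|CMDLINE) user=(?P<user>\S+) "
    r"(?:src=(?P<src>\S+)|cmd=(?P<cmd>.+))$"
)

def parse(text):
    """Parse matching lines into dicts sorted by timestamp; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.fromisoformat(d["ts"])
            events.append(d)
    return sorted(events, key=lambda e: e["ts"])

def find_suspicious(text, known_ips, window=timedelta(minutes=30)):
    """Return (user, src_ip, commands) for each sign-in from an IP outside the account's
    baseline that is followed, within `window` and before the account's next sign-in,
    by command-line activity under the same account."""
    events = parse(text)
    alerts = []
    for i, ev in enumerate(events):
        if ev["ev"] != "LOGON" or ev["src"] in known_ips.get(ev["user"], set()):
            continue
        cmds = []
        for later in events[i + 1:]:
            if later["user"] != ev["user"]:
                continue
            if later["ev"] == "LOGON" or later["ts"] - ev["ts"] > window:
                break  # next session for this account, or outside the window
            cmds.append(later["cmd"])
        if cmds:
            alerts.append((ev["user"], ev["src"], cmds))
    return alerts
```

In practice the baseline would come from historical sign-in data and the events from an authentication log and an endpoint process log joined on the account name; the correlation logic stays the same.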
