Such “living off the land” spy techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.
The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.
Microsoft said the Chinese group, which it dubbed “Volt Typhoon”, has been active since at least 2021 and has targeted a number of industries including communications, manufacturing, utility, transport, construction, maritime, government, information technology, and education.
As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.
Analysts assessed with “moderate confidence” that this Chinese campaign was developing capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises, Microsoft added.
Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region.
Canada’s cybersecurity agency separately said it had no reports of Canadian victims of this hacking as yet. “However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”
The UK similarly warned the techniques used by the Chinese hackers on US networks could be applied worldwide.
