The United States and its Western allies have accused a Chinese-sponsored “cyber agent” of quietly infiltrating US “critical infrastructure” and warned that similar attacks could occur around the world, AFP reported.


In a joint statement, the cyber security authorities of the US, Canada, the UK, Australia and New Zealand warned of a “series of activities” linked to a “state cyber agent in the People’s Republic of China, also known as Volt Typhoon”.

“This activity affects networks in critical infrastructure sectors in the United States,” and the attacker “could apply the same techniques (…) globally,” they added.

In a separate statement, US company Microsoft said Volt Typhoon had been active since mid-2021 and targeted, among other things, critical infrastructure on the island of Guam, home to a major US military base in the Pacific Ocean. The cyber campaign risks “disrupting critical communications infrastructure between the United States and the Asian region in future crises,” Microsoft warned.

The campaign targets the “communications, industrial, utility, transport, construction, maritime, government, information technology and education sectors,” the US technology group said.

According to the company, “the observed behavior indicates that the attacker intends to conduct espionage activities and keep its access (to the infrastructure) undetected for as long as possible.”

“How to Wear Camouflage and Carry a Sniper Rifle”

According to Western security services, one of the tactics used in these attacks is so-called “Living off the Land” (LotL), in which the attacker uses the built-in functions and tools of the target system itself to operate without leaving a trace.

“This is what I would call low-intensity, slow-moving cyber activity,” says Alastair MacGibbon, director of strategy at Australia’s CyberCX and former head of the Australian Cyber Security Centre.

“It’s like someone in camouflage and with a sniper rifle. You don’t see it, it’s not there. Once inside, attackers can steal information,” the expert continued. But it also gives them the opportunity to carry out destructive actions at a later stage.

“It’s about someone who is determined but not in a rush to break into systems. It can really cause catastrophic damage,” he adds.

What is known about Volt Typhoon

An attacker can use legitimate administration tools to compromise a system and inject malicious scripts or code. Because no dedicated malware is dropped, this type of intrusion is much harder to detect than one that relies on malware, and therefore far more effective.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency (CISA), also warned about Volt Typhoon. “For years, China has conducted operations around the world to steal intellectual property and sensitive data from organizations with critical infrastructure,” Easterly said.

The Volt Typhoon incident “shows that China is using very sophisticated means to target our country’s critical infrastructure,” and its discovery “will allow network defenders to better understand how to detect and mitigate this malicious activity,” she added.

There was no immediate response from China to the allegations. Beijing regularly denies carrying out or funding cyber attacks and in turn accuses the US of cyber espionage.

China and Russia have long targeted critical infrastructure, but the Volt Typhoon case provided a better understanding of how Chinese hackers operate, said John Hultquist, an analyst at US cybersecurity firm Mandiant.

“China’s cyber threat agents are unique among their peers in that they do not regularly engage in disruptive and destructive cyber attacks,” he says. He adds that the disclosure of Volt Typhoon by Western countries “is a rare opportunity to investigate and prepare for this threat.”