US denounces massive cyberattack sponsored by China

By Le Figaro with AFP




This campaign risks “disrupting critical communications infrastructure between the United States and the Asian region in future crises,” Microsoft warned.

The United States and its Western allies on Wednesday accused a “cyber actor” sponsored by China of having quietly infiltrated American “critical infrastructure”, and warned that similar campaigns could take place around the world.

In a joint advisory, cybersecurity authorities in the United States, Canada, the United Kingdom, Australia and New Zealand warned of a malicious “group of activities” associated with “a state-sponsored cyber actor from the People’s Republic of China, also known as Volt Typhoon”. “This activity affects the networks of the critical infrastructure sectors of the United States” and the entity leading the attack “could apply the same techniques (…) all over the world”, they added.

In a separate press release, the American group Microsoft explained that Volt Typhoon has been active since mid-2021 and has targeted, among other things, critical infrastructure on the island of Guam, which hosts a major US military base in the Pacific Ocean. This campaign risks “disrupting critical communications infrastructure between the United States and the Asian region in future crises”, Microsoft warned.

The campaign targets the “communications, industry, utilities, transportation, construction, marine, government, information technology and education sectors”, continued the American technology group. According to the company, “the observed behavior suggests that the threat actor intends to eavesdrop and maintain access to infrastructure undetected for as long as possible”.



According to Western security agencies, these attacks use the so-called “Living off the land” (LotL) technique, whereby the attacker uses the features and tools of the system they are targeting to get inside without leaving a trace.

In particular, the attacker can use legitimate administrative tools to enter the system and insert malicious scripts or code. This type of intrusion is much more effective than those using malware, which are more easily detectable.

According to Microsoft, Volt Typhoon tries to blend in with normal network activity by routing traffic through infected network equipment belonging to small businesses and remote workers, including routers, firewalls and virtual private networks (VPNs). “They have also been observed using customized versions of open-source tools”, said Microsoft.

The Director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, also issued a warning against Volt Typhoon. “For years, China has been conducting operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations”, said Ms Easterly.

“Sophisticated means”

“The advisory released today, in conjunction with our U.S. and international partners, shows that China is using highly sophisticated means to target our nation’s critical infrastructure”, she continued. According to her, this advisory “will allow network defenders to better understand how to detect and mitigate this malicious activity”.

China did not immediately react to these allegations. Beijing regularly denies carrying out or sponsoring cyberattacks, and in return accuses the United States of cyberespionage against it.

“China and Russia have long targeted critical infrastructure”, but Volt Typhoon has provided insight into the modus operandi of Chinese hacking, said John Hultquist, an analyst at US cybersecurity firm Mandiant.

“Chinese cyber threat actors are unique among their peers in that they do not regularly resort to destructive and disruptive cyber attacks”, he explains. According to him, the disclosure by Western countries of the actions of Volt Typhoon “is a rare opportunity to investigate and prepare for this threat”.
