(Washington) Chinese hackers sponsored by the People’s Republic of China have targeted US critical infrastructure, cybersecurity officials in several countries, including Canada, warned Wednesday.
The Canadian Center for Cyber Security was part of this coordinated effort by Five Eyes agencies to root out the perpetrators. He participated in sharing an alert issued by the United States National Security Agency (NSA).
The discovery of what the NSA described as “indicators of compromise” was first made by Microsoft and attributed to Volt Typhoon, a Chinese state actor that the company says has been active since the mid-1990s. year 2021.
Volt Typhoon “generally focuses on espionage and information gathering,” the software giant said in its own threat assessment.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign continues the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asian region in future crises. »
According to the Canadian Center for Cyber Security, “the warning is particularly important since the perpetrator is employing a method known as an ‘above ground attack’”.
“It uses built-in network administration tools to move between systems. This way, any activity can look like normal activity,” the center adds in a statement.
“This requires us to work together to find and remove the actor from our critical networks,” said NSA Cybersecurity Director Rob Joyce.
Microsoft’s report describes stealth as one of the main goals of the intruder in order to maintain access to the targeted network.
“Additionally, Volt Typhoon attempts to blend in with normal network activity by routing traffic through compromised network equipment for small offices and home offices, including routers, firewalls, and VPN hardware. »
Microsoft said Volt Typhoon has previously targeted infrastructure in the United States, including Guam, where the United States maintains an airbase and a naval port, both of which are central elements of its military presence in the ocean. Peaceful.
Pentagon officials also believe Guam and its military installations were among the main targets of the Chinese spy balloon that was shot down in February after a week of drifting in North American airspace.
Canadian officials say they have received no reports of casualties in Canada.
In a press release, the federal agency indicates that it has “joined with its partners in the Community of Five to publish a bulletin offering advice for identifying the threat and best practices that can be used to detect the activities of this or this author”.
“The interconnected nature of our infrastructure and our economies underscores the importance of working with our allies to identify and share real-time threat information,” said the Canadian agency’s chief executive, Sami Khoury.
Agencies in the UK, New Zealand and Australia forwarded the notice, along with the US Cyber and Infrastructure Security Agency and the FBI.
“For years, China has conducted operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations around the world,” said CISA Director Jen Easterly.
” The opinion [de mercredi], released in conjunction with our U.S. and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure. »