Microsoft warned on Wednesday that it has uncovered "stealthy and targeted malicious activity" by a state-sponsored actor based in China, focused on post-compromise credential access and network discovery and aimed at "critical infrastructure organizations" in the United States.
Microsoft, based in Redmond, Wash., said in a security blog post that the campaign, which it tracks as "Volt Typhoon," has been active since mid-2021. Targeted organizations in Guam and elsewhere in the U.S. span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Microsoft assesses "with moderate confidence" that Volt Typhoon is developing capabilities that "could disrupt critical communications infrastructure between the United States and Asia region during future crises." The company added that the behavior it has observed suggests the actor intends to perform espionage and maintain access without being detected for as long as possible.
The New York Times reported that the campaign set off alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan. U.S. "tabletop" exercises that map out what a Chinese invasion might look like envision China moving initially to cut off American communications and slow the ability to respond.
The blog post offers extensive detail on whom the campaign targets, how it operates, and the tactics it uses to gain and keep unauthorized access to victim networks. According to Microsoft, Volt Typhoon achieves initial access through internet-facing Fortinet FortiGuard devices, though the company said it was still investigating how the actor gains access to those devices. Once inside, the actor relies on living-off-the-land techniques and hands-on-keyboard activity rather than custom malware, and routes its traffic through compromised small-office and home-office network equipment to blend in with normal network activity.
Because Volt Typhoon relies on valid accounts and built-in system tools rather than malware, Microsoft says detecting and mitigating the activity is particularly challenging. It recommends that affected organizations close or change the credentials for all compromised accounts and review those accounts' activity for any malicious actions the actor may have taken.