On May 25, 2023, a massive cyberattack hit the United States, affecting "critical" infrastructure in various sectors, including government and communications organizations. This attack has been attributed to a Chinese state-backed hacker group known as "Volt Typhoon".
Active since mid-2021, the Volt Typhoon group has infiltrated several vital US sectors. Microsoft warned on Wednesday that Chinese hackers had compromised "critical" cyber infrastructure across multiple sectors in the United States, with a particular focus on intelligence gathering. Sectors targeted include communications, industry, utilities, transportation, construction, marine, government, information technology and education.
According to Microsoft, the group's goal is to disrupt "essential communications infrastructure between the United States and the Asian region in future crises." The group appears intent on conducting espionage operations and maintaining access to compromised systems for as long as possible without being detected
.
The attack is particularly focused on the communications infrastructure in Guam and other parts of the United States. This island, home to a major US military base in the Pacific Ocean, is of particular concern to US intelligence as it lies at the heart of a US military response to an invasion of Taiwan.
Volt Typhoon uses an unnamed vulnerability in a popular cybersecurity suite called FortiGuard to infiltrate organizations. After gaining access to a corporate system, the hacker group steals user credentials from the security suite and uses them to try to gain access to other corporate systems. /p>
Western security agencies report that the attacks use the so-called "Living off the land" (LotL) tactic, whereby the attacker uses the features and tools of the system they are targeting to break into it without leaving of tracks. Volt Typhoon attempts to blend in with normal network activity by routing traffic through infected network equipment in small businesses and teleworkers, including routers, firewalls, and virtual private networks (VPNs). ).
Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, also issued a warning about Volt Typhoon. She pointed out that China has been carrying out global operations for years aimed at stealing intellectual property and sensitive data from critical infrastructure organizations. She added that the Volt Typhoon case "shows that China is using very sophisticated means to target our country's critical infrastructure," and that its discovery "will give network defenders a better understanding of how to detect and mitigate this malicious activity." .
In the wake of these allegations, China did not react immediately. Beijing regularly denies carrying out or sponsoring cyberattacks, and in turn accuses the United States of cyberespionage against it.
This cyberattack highlights the growing importance of cybersecurity in today's global environment. States and organizations around the world must be vigilant and prepared to respond to these threats to protect their critical infrastructure and sensitive information.
Our sources:
CNBC: "Chinese state-sponsored hackers have compromised critical US cyber infrastructure, Microsoft warns", published May 25, 2023.
Lepetitjournal.com: "Massive cyberattack in the United States: a group of Chinese hackers targeted", published on May 25, 2023.
Comments