It is a major attack, carried out in the United States, which could be repeated elsewhere in the world. Washington and several of its Western allies on Wednesday (May 24) accused a China-sponsored "cyber actor" of quietly infiltrating US "critical infrastructure."
In a joint advisory, cybersecurity authorities in the United States, Canada, the United Kingdom, Australia and New Zealand warned of a malicious "cluster of activity" associated with "a state-sponsored cyber actor of the People's Republic of China, also known as Volt Typhoon". "This activity affects the networks of critical infrastructure sectors of the United States," and the entity carrying out the attack "could apply the same techniques ... worldwide", they added.
In a separate press release, the American group Microsoft explained that Volt Typhoon has been active since mid-2021 and that it has targeted, among other things, critical infrastructure on the island of Guam, which hosts a major American military base in the Pacific Ocean. This campaign risks "disrupting critical communications infrastructure between the United States and the Asian region in future crises," Microsoft warned.
The campaign targets "the communications, industrial, utility, transportation, construction, marine, government, information technology and education sectors," the American technology group continued. "The observed behavior suggests that the threat actor intends to eavesdrop and maintain access [to infrastructure] undetected for as long as possible," it said.
An intrusion that leaves no traces
According to Western security agencies, these attacks rely on the tactic known as "living off the land" (LOTL), whereby the attacker uses the features and tools of the targeted system itself to get inside without leaving traces. In particular, the attacker can use legitimate administrative tools to penetrate the system and insert malicious scripts or code. This type of intrusion is much more effective than one relying on malware, which is more easily detected. According to Microsoft, Volt Typhoon tries to blend in with normal network activity by routing its traffic through compromised network equipment belonging to small businesses and remote workers, including routers, firewalls and virtual private networks (VPNs).
The Director of the US Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, also issued a warning about Volt Typhoon. "For years, China has conducted operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations," she said. The Volt Typhoon case "shows that China is using very sophisticated means to target our country's critical infrastructure", and its discovery "will give network defenders a better understanding of how to detect and mitigate this malicious activity", Ms. Easterly added.
China was quick to react to these allegations. "It is clear that this is a collective disinformation campaign by the Five Eyes coalition countries, implemented by the United States for geopolitical purposes," Chinese Ministry of Foreign Affairs spokesperson Mao Ning told reporters.