Who is “Volt Typhoon”, the Chinese-sponsored hacker group?


The United States and its Western allies on Wednesday (May 24) accused a group of hackers sponsored by China of having discreetly infiltrated American critical infrastructure. In a joint statement, cybersecurity authorities in the United States, Canada, United Kingdom, Australia and New Zealand warned of “a cyber actor sponsored by the People’s Republic of China, also known as Volt Typhoon”.

“For years, China has conducted operations around the world to steal intellectual property and sensitive data from critical infrastructure organizations,” said Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency. For its part, Beijing firmly denies responsibility for these attacks. “It is clear that this is a collective disinformation campaign initiated by the United States for geopolitical purposes,” Mao Ning, a spokeswoman for the Chinese Foreign Ministry, told reporters.

Active since 2021

The group is believed to have been active since 2021. In particular, it is reported to have compromised American critical infrastructure on the island of Guam. This independent territory, located in the Mariana Islands, hosts a major American military base in the Pacific Ocean. According to Microsoft, which published a blog post on the subject, the intrusion could disrupt communications infrastructure, a prospect that would weaken the United States in the event of a conflict in the Pacific.

To break into these infrastructures, the Volt Typhoon group relies on a technique known as “living off the land”. The method consists of using functions already present on the victims’ computers, for instance the administration tools built into the operating system, rather than bringing in custom malware. According to Microsoft, Volt Typhoon also attempts to conceal its activity by using compromised network equipment, such as routers, firewalls and virtual private network (VPN) devices, to route its traffic through small businesses and teleworkers.

Disrupting the operation of networks

Once the attacker has obtained access to the targeted machines, they can exfiltrate confidential data, but also use the computer’s own administration tools to add malicious code and disrupt the operation of a complex network. A “living off the land” attack is much harder to detect than an intrusion using malware, and therefore allows the attackers to stay active for much longer, according to Microsoft.
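The two paragraphs above describe why living-off-the-land activity is hard to spot: the binaries involved are legitimate, so the signal lies in how and from where they are used, not in their presence. The following is an added example written for this page, not code from the article or from Microsoft, and the event fields, host names, users, rule set and command lines are all constructed assumptions rather than indicators taken from any report on Volt Typhoon. It triages a handful of process-creation events (shaped like Windows Sysmon or 4688 telemetry) using two defender-side heuristics: a built-in tool invoked with an unusual argument pattern, and a shell spawned by a parent that should never launch one.

```python
"""Illustrative living-off-the-land (LOTL) triage over process-creation events.

Constructed example for this page. The event fields, hosts, users, rules and
command lines are assumptions made for illustration; they are not taken from
the article or from any vendor report on Volt Typhoon.
"""
import re
from collections import defaultdict

# Constructed sample events, shaped like Windows process-creation telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "CORP\\jdoe", "parent": "explorer.exe",
     "image": "notepad.exe", "cmd": "notepad.exe report.txt"},
    {"host": "ws-01", "user": "CORP\\jdoe", "parent": "explorer.exe",
     "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile -Command Get-Date"},
    # A web-server worker process spawning a shell: the tool is legitimate,
    # the parent/child relationship is not.
    {"host": "srv-web-01", "user": "IIS APPPOOL\\DefaultAppPool",
     "parent": "w3wp.exe", "image": "cmd.exe", "cmd": "cmd.exe /c whoami"},
    # Built-in netsh used to set up a port forward (traffic relaying).
    {"host": "ws-07", "user": "CORP\\svc-print", "parent": "cmd.exe",
     "image": "netsh.exe",
     "cmd": "netsh interface portproxy add v4tov4 listenport=9999 "
            "connectaddress=10.0.0.5 connectport=8443"},
    # Encoded PowerShell; the payload here is just "Get-Date" in UTF-16LE base64.
    {"host": "ws-07", "user": "CORP\\svc-print", "parent": "cmd.exe",
     "image": "powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc RwBlAHQALQBEAGEAdABlAA=="},
]

# Built-in tools whose presence is normal but whose *usage pattern* is suspicious.
LOTL_RULES = {
    "netsh_portproxy": re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
    "wmic_remote": re.compile(r"\bwmic\b.*\s/node:", re.I),
    "ps_encoded": re.compile(
        r"\bpowershell(\.exe)?\b.*\s-(e|enc|encodedcommand)\b", re.I),
}

# Parents that should essentially never spawn an interactive shell or script host.
SUSPICIOUS_PARENTS = {"w3wp.exe", "winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}


def classify(event):
    """Return the list of rule names an event triggers (empty means unremarkable)."""
    hits = []
    for name, pattern in LOTL_RULES.items():
        if pattern.search(event["cmd"]):
            hits.append(name)
    parent = event["parent"].lower()
    if parent in SUSPICIOUS_PARENTS and event["image"].lower() in SHELLS:
        hits.append("shell_from_" + parent.split(".")[0])
    return hits


def triage(events):
    """Group hits by host so an analyst sees one LOTL chain per machine,
    rather than one isolated alert per log line."""
    by_host = defaultdict(list)
    for ev in events:
        for rule in classify(ev):
            by_host[ev["host"]].append((rule, ev["user"], ev["cmd"]))
    return dict(by_host)


if __name__ == "__main__":
    for host, findings in triage(SAMPLE_EVENTS).items():
        print(host)
        for rule, user, cmd in findings:
            print(f"  [{rule}] {user}: {cmd}")
```

On the constructed input, `ws-01` produces no findings (ordinary use of notepad and an unencoded PowerShell command), `srv-web-01` is flagged for a shell spawned by the IIS worker process, and `ws-07` accumulates two findings from the same service account, which is the kind of per-host chain that makes an otherwise quiet LOTL intrusion visible. Real deployments would add rarity baselines (which users normally run `netsh` or `wmic` on which hosts) and correlate with the network-device logs mentioned above, since the relaying through compromised routers and VPN appliances leaves no trace on the endpoint itself.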

According to Jen Easterly, the disclosure of Volt Typhoon’s activity will allow “network defenders to better understand how to detect and mitigate this malicious activity”. The director of the US Cybersecurity and Infrastructure Security Agency also raised the possibility that similar attacks could take place elsewhere in the world.

According to Microsoft, a campaign of similar cyberattacks could well target “the sectors of communications, industry, utilities, transportation, construction, marine, government, information technology and education”.
