25 May 2023

NZ warned after Chinese hackers target critical US infrastructure - intelligence agencies

4:03 pm on 25 May 2023

After revelations about an international hacking alert, the UK's director of the National Cyber Security Centre said all critical infrastructure operators should beware and take steps to protect their operations. Photo: 123RF

By Zeba Siddiqui and Christopher Bing, for Reuters

A Chinese state-sponsored hacking group has been spying on critical US infrastructure organisations, and New Zealand could be a target too, along with Australia, the UK and Canada, Western intelligence agencies and Microsoft say.

The espionage also targeted the US Pacific island territory of Guam, home to strategically important American military bases, Microsoft said in a report.

It added that "mitigating this attack could be challenging."

While China and the United States routinely spy on each other, analysts said this was one of the largest known Chinese cyber-espionage campaigns against a wide range of critical US infrastructure organisations, from telecommunications to transportation hubs.

It was not immediately clear how many organisations from the US were affected, but the country's National Security Agency (NSA) said it was working with partners including New Zealand, Australia, the UK and Canada, as well as the US Federal Bureau of Investigation to identify the breaches.

The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using technical guidance they issued.

"It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," said the director of the UK National Cyber Security Centre Paul Chichester, in a joint statement with the NSA.

New Zealand said it would work toward identifying any such malicious cyber activity in its country.

"It's important for the national security of our country that we're transparent and upfront with Australians about the threats that we face," Australia's Minister for Home Affairs and Cyber Security Clare O'Neil said.

Canada's cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. "However, Western economies are deeply interconnected," it added. "Much of our infrastructure is closely integrated and an attack on one can impact the other."

Microsoft analysts said they had "moderate confidence" this Chinese group, which Microsoft dubbed 'Volt Typhoon', was developing capabilities that could disrupt critical communications infrastructure between the US and Asia region during future crises.

"It means they are preparing for that possibility," said John Hultquist, head of threat analysis at Google's Mandiant Intelligence.

This Chinese activity was unique and worrying also because analysts did not yet have enough visibility on what the group might be capable of, he added.

"There is greater interest in this actor because of the geopolitical situation."

As China stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden had said he would be willing to use force to defend Taiwan.

Security analysts expected that if China invaded Taiwan, Chinese hackers could target US military networks and other critical infrastructure.

Microsoft said the Chinese hacking group had been active since at least 2021 and had targeted several industries including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using "built-in network tools to evade our defences and leaving no trace behind." Such techniques are harder to detect as they use "capabilities already built into critical infrastructure environments," he added.

As opposed to using traditional hacking techniques, which often involved tricking a victim into downloading malicious files, Microsoft said this group infected a victim's existing systems to find information and extract data.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Australian Strategic Policy Institute senior analyst Bart Hogeveen specialises in state-sponsored cyber attacks in the region, and said the submarine cables made Guam "a logical target for the Chinese government" to seek intelligence.

"There is high vulnerability when cables land on shore," he said.

-Reuters
