Microsoft has uncovered efforts by the Chinese communist regime to undermine critical American infrastructure. These attacks — using malicious computer code that enables remote access to various devices — appear to be a pre-emptive attempt by the genocidal state to develop the upper hand should the two nations soon come to blows.
According to Microsoft, Volt Typhoon, a state-sponsored outfit in China often tasked with espionage and information gathering, "is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises."
Volt Typhoon has reportedly hit critical infrastructure in Guam and other American regions, affecting communications, manufacturing, transportation, government, maritime, and other sectors.
"Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible," Microsoft noted in a blog post.
Since 2021, this group of Beijing-sponsored hackers has been compromising American systems, in part by stealing credentials from local and network systems and blending "into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware."
The U.S. National Security Agency, the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, and various allied cybersecurity agencies in the Anglosphere corroborated Microsoft's claims Wednesday with a report indicating that "one of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives."
"This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations," said the report. "Some of the built-in tools this actor uses are: wmic, ntdsutil, netsh, and PowerShell."
"For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe," CISA director Jen Easterly told the Associated Press.
This initiative does not appear to be a simple matter of private data theft, but rather one of many pre-emptive geostrategic moves to undermine the U.S. — not unlike the unanswered invasion of U.S. airspace earlier this year, when a Chinese communist spy balloon flouted American sovereignty and flew over sensitive nuclear sites.
Beijing has made no secret of its hegemonic ambitions, and Chinese dictator Xi Jinping has telegraphed his intent to displace the United States, notwithstanding President Joe Biden's desperate efforts to "thaw" their ostensibly icy relationship.
Despite its politicization in recent years, the Pentagon has not similarly downplayed China's goals, noting in a 2021 report that the Chinese Communist Party's aim is to "achieve 'the great rejuvenation of the Chinese nation' by 2049 to match or surpass U.S. global influence and power, displace U.S. alliances and security partnerships in the Indo-Pacific region, and revise the international order to be more advantageous to Beijing's authoritarian system."
The communists will reportedly undertake "far-ranging efforts" to see this geopolitical goal realized.
CISA director Easterly noted, "Today's advisory highlights China's continued use of sophisticated means to target our nation's critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity."
The New York Times reported that while the Volt Typhoon attacks on the U.S. presently amount to a likely espionage campaign, "the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose."
In war exercises simulating a hot conflict with China, one of the communist regime's first anticipated moves would be to sever American communications and hamper the U.S. response time to threats, indicated the Times.
A 2022 Pentagon report noted that China "presents a sophisticated, persistent threat of cyber-enabled espionage and attack to military and critical infrastructure systems through its efforts to develop, acquire, or gain access to information and advanced technologies" and that it "seeks to create destructive effects to shape decision-making and disrupt military operations at the initial stages and throughout a conflict.'
That Guam was a target for this cyberattack is unsurprising in light of the escalating tensions over nearby Taiwan. After all, Andersen Air Force Base on Guam would be the U.S. Air Force's launching point to defend both Guam and Taiwan.
While Beijing's hackers work ardently to chip away at America's cyber defenses and the nation continues its unprecedented military build-up, China continues to target the U.S. with intimidation and coercion campaigns; deadly fentanyl; and threats.