US infrastructure becomes prime target for hackers

Hackers operating under the auspices of the Chinese state break into American infrastructure networks

The United States and its Western allies have announced that hackers operating under the auspices of the Chinese state have broken into key American infrastructure networks. The announcement comes amid warnings that the world is likely to witness similar attacks today on major military and other sites targeted by hackers. The United States is monitoring “malicious” activity in other American regions in case of conflict in the region.

According to Microsoft’s statement on Wednesday, the “Volt Typhoon” campaign aims to build capabilities that could disrupt the basic communications infrastructure between the United States and the Asian region during future crises. The campaign targets organizations in the telecommunications, industry, utilities, transportation, construction, marine, government, information technology, and education sectors.

Microsoft’s statement coincides with a warning issued by authorities in the United States, Canada, New Zealand, and the United Kingdom that hacking activity is likely to occur globally. These activities affect networks in various critical infrastructure sectors, and the responsible agencies believe that the party behind them could apply the same techniques against these sectors and others worldwide.

“It is clear that this is a collective disinformation campaign of the countries of the ‘Five Eyes’ coalition launched by the United States for geopolitical objectives,” said Mao Ning, Chinese foreign ministry spokesman, referring to the security alliance, which includes the United States and its Western allies.

The US and its allies reported that the hackers used a tactic known as “living off the land,” which means they take advantage of tools already available in the network to infiltrate it and blend in with ordinary Windows systems, making the activity difficult to detect. Microsoft said Volt Typhoon attempted to blend into normal network activity by routing traffic through compromised home or small office network equipment, including routers, firewalls, and virtual private network (VPN) equipment, using custom versions of open-source tools.

“It’s what I would call a silent and slow computing activity,” said Alastair MacGibbon, chief strategy officer of Australian firm CyberCX and former head of the Australian Cyber Security Centre. “It’s like someone wearing a camouflage jacket with a sniper rifle, it can’t be seen, it doesn’t exist.”

Robert Potter, co-founder of Australian cybersecurity firm Internet 2.0, said several other governments have detected similar activity since the Volt Typhoon alert was issued. He stated that he was not sure how vulnerable the communications infrastructure would be as a result of these attacks, because these networks are highly resilient and difficult to disrupt for more than short periods.

Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said that China has been stealing intellectual property and data for years.
“Today’s warning, released in cooperation with our partners in the United States and the international community, reflects the way in which China uses highly sophisticated means to target our country’s critical infrastructure,” she said.