Chinese Hackers Spying on US Critical Infrastructure, Western Intelligence Says

REUTERS/Kacper Pempel

A state-sponsored Chinese hacking group has been spying on a wide range of US critical infrastructure organizations, from telecommunications to transportation hubs, Western intelligence agencies and Microsoft said on Wednesday.

The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding that "mitigating this attack could be challenging."

While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against American critical infrastructure, Reuters said.

The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.

It was not immediately clear how many organizations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation to identify breaches. Canada, UK, Australia and New Zealand warned they could be targeted by the hackers too.

Microsoft analysts said they had "moderate confidence" this Chinese group, which they dubbed 'Volt Typhoon', was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

"It means they are preparing for that possibility," said John Hultquist, who heads threat analysis at Google's Mandiant Intelligence.

The Chinese activity is unique and worrying also because analysts don't yet have enough visibility on what this group might be capable of, he added.

"There is greater interest in this actor because of the geopolitical situation."

As China has stepped up military and diplomatic pressure in its claim to democratically governed Taiwan, US President Joe Biden has said he would be willing to use force to defend Taiwan.

Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

"It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," Paul Chichester, director at the UK's National Cyber Security Center, said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

NSA cybersecurity director Rob Joyce said the Chinese campaign was using "built-in network tools to evade our defenses and leaving no trace behind." Such techniques are harder to detect as they use "capabilities already built into critical infrastructure environments," he added.

As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim's existing systems to find information and extract data.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States by multiple submarine cables.

Bart Hogeveen, a senior analyst at the Australian Strategic Policy Institute who specializes in state-sponsored cyber attacks in the region, said the submarine cables made Guam "a logical target for the Chinese government" to seek intelligence.

"There is high vulnerability when cables land on shore," he said.

New Zealand said it would work towards identifying any such malicious cyber activity in its country.

"It's important for the national security of our country that we're transparent and upfront with Australians about the threats that we face," Australia's Minister for Home Affairs and Cyber Security Clare O'Neil said.

Canada's cybersecurity agency said it had no reports of Canadian victims of this hacking as yet. "However, Western economies are deeply interconnected," it added. "Much of our infrastructure is closely integrated and an attack on one can impact the other."



Bangladesh Says Student Leaders Held for Their Own Safety

People take part in a song march to protest against the indiscriminate killings and mass arrest in Dhaka on July 26, 2024. (AFP)

Bangladesh said three student leaders had been taken into custody for their own safety after the government blamed their protests against civil service job quotas for days of deadly nationwide unrest.

Students Against Discrimination head Nahid Islam and two other senior members of the protest group were forcibly discharged from hospital on Friday and taken away by a group of plainclothes detectives.

The street rallies organized by the trio precipitated a police crackdown and days of running clashes between officers and protesters that killed at least 201 people, according to an AFP tally of hospital and police data.

Islam earlier this week told AFP he was being treated at the hospital in the capital Dhaka for injuries sustained during an earlier round of police detention.

Police had initially denied that Islam and his two colleagues were taken into custody before home minister Asaduzzaman Khan confirmed it to reporters late on Friday.

"They themselves were feeling insecure. They think that some people were threatening them," he said.

"That's why we think for their own security they needed to be interrogated to find out who was threatening them. After the interrogation, we will take the next course of action."

Khan did not confirm whether the trio had been formally arrested.

Days of mayhem last week saw the torching of government buildings and police posts in Dhaka, and fierce street fights between protesters and riot police elsewhere in the country.

Prime Minister Sheikh Hasina's government deployed troops, instituted a nationwide internet blackout and imposed a curfew to restore order.

- 'Carried out raids' -

The unrest began when police and pro-government student groups attacked street rallies organized by Students Against Discrimination that had remained largely peaceful before last week.

Islam, 26, the chief coordinator of Students Against Discrimination, told AFP from his hospital bed on Monday that he feared for his life.

He said that two days beforehand, a group of people identifying themselves as police detectives blindfolded and handcuffed him and took him to an unknown location to be tortured before he was released the next morning.

His colleague Asif Mahmud, also taken into custody at the hospital on Friday, told AFP earlier that he had also been detained by police and beaten at the height of last week's unrest.

Police have arrested at least 4,500 people since the unrest began.

"We've carried out raids in the capital and we will continue the raids until the perpetrators are arrested," Dhaka Metropolitan Police joint commissioner Biplob Kumar Sarker told AFP.

"We're not arresting general students, only those who vandalized government properties and set them on fire."