Chinese hackers bug Microsoft software to hit critical infrastructure in US

Reportedly, there are networks of semi-independent hacker groups in China conducting contract work in service of Chinese government espionage.

Telecommunications networks are key targets of these groups.

A recent case that has come to the fore is the cyber-attack on Microsoft software systems.

The company stated that the Chinese hacking group “Volt Typhoon” had planted a malicious code called a “web shell” into the software systems that enabled remote access to servers.

The operation was conducted with great stealth, sometimes flowing through home routers and other common internet-connected consumer devices, to make the intrusion harder to track.

Microsoft further claimed that this was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities but also maritime operations and transportation.

The US Administration officials also reiterated that the code was part of a vast Chinese intelligence collection effort that spans cyberspace, outer space and, as Americans discovered with the balloon incident, the lower atmosphere.

The code raised alarm bells in Guam too.

The system in Guam is particularly important to China because military communications often piggyback on commercial networks.

With its Pacific ports and vast American air base, Guam would be a centerpiece of any American military response to an invasion or blockade of Taiwan.

In a similar case in December 2022, the US Secret Service had revealed that APT41, the Chengdu-based hacking group and a prolific Chinese intelligence asset, had stolen at least $20 million in US COVID relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states.

The primary purpose of APT41’s state-directed activity was believed to be collecting personally identifying information and data about American citizens, institutions, and businesses that can be used by China for espionage purposes.

China has never acknowledged hacking into American networks, even in the biggest example of all: the theft of security clearance files of roughly 22 million Americans 2 — including six million sets of fingerprints — from the Office of Personnel Management during the Obama administration.

Besides, The Chinese entities operating in foreign shores are known not only to maximize commercial interests but also to further the politico-strategic objectives of the Chinese state. In this regard, a Chinese entity that has been under scanner all over the world is Huawei.

It is alleged that the use of Huawei cloud services in over 40 countries gave the Communist Party of China (CPC) access to systems in those countries.

Reportedly, several European countries including Italy, France, Finland, Sweden and Denmark have banned the usage of Huawei 5G equipment and asked their telecom providers to remove the existing Huawei gear from their infrastructure.

In Eastern Europe, various countries including Slovenia, Poland, Czechia, Romania, Estonia, Latvia, Slovakia and Bulgaria have indicated their intent to not let Huawei enter their 5G markets.

Poland and Romania have already taken legal action to exclude non trusted suppliers.

Contracts of other Chinese companies like Hikvision and Dahua are also under scrutiny in Europe because of the potential security risks.

It is alleged that the cameras manufactured by these companies were supposedly used for spying in the Dutch government buildings.

Beijing is known to use cyber-espionage to obtain sensitive technical information to help it achieve its military modernization goals.

In order to prevent unwanted access to classified information or defense system, Chinese investment in local firms involved in strategic sectors including aerospace, semiconductors, sensors, communications, navigation, robotics, and artificial intelligence (AI) must be scrutinized carefully before giving a go-ahead.