The intelligence agencies of the United States, Canada, Australia, New Zealand and the United Kingdom (which cooperate under the Five Eyes alliance) have published a joint notice on Wednesday about the espionage campaign that China is carrying out through attacks perpetrated by hackers sponsored by Xi Jinping's government. The American technology company Microsoft has joined the warning, which Beijing attributes to a disinformation strategy by Washington.
In a statement, the US technology giant said that the Chinese organization known as Volt Typhoon has been carrying out a campaign of cyber attacks on a wide range of US critical infrastructure organizations, from telecommunications to transportation hubs, which could "disrupt communication" between this country and Asia in the future.
"Affected organizations span the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors," Microsoft said. "Mitigating this attack could be challenging," she added.
The hackers have been active since mid-2021, targeting organizations in Guam, a Pacific island that is part of the US and home to strategically important US military bases, and elsewhere in the country.
The National Security Agency (NSA) confirmed the Chinese incursion also on Wednesday. "A Chinese-sponsored agent living outside (US) territory is using network-embedded tools to evade our defenses and leave no trace," said Rob Joyce, the NSA's director of cybersecurity. The agency added that it is working with the governments of Canada, Australia, New Zealand and the United Kingdom, as well as the FBI to identify other possible cyberattacks of this type.
While China and the United States routinely spy on each other, analysts say this is one of the largest known Chinese cyber-espionage campaigns against critical US infrastructure.
Chinese Foreign Ministry spokesman Mao Ning described the hacking allegations as part of a "collective disinformation campaign" by the Five Eyes countries. Mao claimed that the campaign was launched by the US for geopolitical reasons and that the report by Microsoft analysts showed that the US government was expanding its disinformation channels beyond government agencies. "But no matter what variety of methods are used, none of this can change the fact that the United States is the piracy empire," he told a regular news conference in Beijing.
Guam, a US territory since 1898, is strategically located in the western Pacific. There remains a naval and air base, where a total of 6,000 soldiers are deployed and which controls 40% of the territory. They are US military installations that would be key to responding to any conflict in the Asia-Pacific region. It is also a major communications hub connecting Asia and Australia to the United States via multiple undersea cables.
It was precisely the undersea cables that made the island "a logical target for the Chinese government to look for intelligence," said Bart Hoggeveen, an analyst at the Australian Institute for Strategic Policy who specializes in state-sponsored cyberattacks in the region. “There is a high vulnerability when the cables land on the ground,” he detailed.
So far, none of the other Five Eyes members have detected similar attacks, but New Zealand and Canada said they would work to identify any malicious cyber activity of this type in their country. "Western economies are deeply interconnected. Much of our infrastructure is tightly integrated and an attack on one can affect the other," Canada's cybersecurity agency said.