Chinese state-sponsored cyber threat actor is performing discrete espionage operations within critical U.S. infrastructure and may target other nations, Western cybersecurity agencies and Microsoft warned Wednesday.Those operations may be aimed at developing ways to disrupt critical communications between the U.S.
and Asia “during future crises,” Microsoft said — a warning that could refer to a potential attack on Taiwan by China, which has indicated it may use military force to bring the democratically-governed island under its direct control.The threat posed by the Chinese group, known as Volt Typhoon, prompted a rare joint advisory Wednesday from Five Eyes cybersecurity agencies, including the Communications Security Establishment (CSE)’s Canadian Centre for Cyber Security.The agencies and Microsoft said the group has avoided detection by blending in with normal Windows operations through a series of techniques known as “living off the land.” The process allows the actor to move through systems by taking advantage of built-in network administration tools, making its actions look like normal activity.The CSE says Volt Typhoon has only been detected in the U.S.
so far, and that no Canadian victims have been reported as of Wednesday.“However, western economies are deeply interconnected,” the agency warned.