Pages

30 May 2023

China hits back over Five Eyes blame for US infrastructure cyber attack

Toby Mann 

China has hit back after Australia and other Five Eyes cyber agencies blamed it for recent cyber attacks targeting "critical infrastructure" in the United States.

Key points:A Chinese foreign ministry spokesperson described the Five Eyes advisory as "collective disinformation" lead by the US
China called the US "the empire of hacking" in response to the Five Eyes claims
Hackers were able to avoid detection by blending in with normal activities rather than using malware

"Obviously, this is a collective disinformation campaign by the United States to mobilise the Five Eyes countries for geopolitical purposes," China's foreign ministry spokesperson Mao Ning said.

She was responding to a joint Cybersecurity Advisory issued by US, Australian, New Zealand, Canada and United Kingdom intelligence agencies after detecting a "cluster of activity of interest" linked to China's state-sponsored hacking group Volt Typhoon.

The attacks, the Five Eyes advisory said, targeted "critical infrastructure" in the US.

"It is a report that has … a serious lack of evidence and is extremely unprofessional," Ms Mao said.

"As we all know, the Five Eyes is the world's largest intelligence organisation and the NSA is the world's largest hacker organisation, and it is ironic that they have joined forces to issue disinformation reports."

Volt Typhoon used a "living off the land" attack, which exploits legitimate tools within a system, rather than malware.

Using that technique hackers were able to evade detection by "blending in with normal Windows system and network activities".

Microsoft said Volt Typhoon's activity had used compromised credentials to access critical infrastructure organisations, and that the group's typical aim was espionage and information gathering.

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the company said.

Ms Mao said the "involvement of certain companies in this shows that the US is expanding new channels for spreading disinformation".

"But no matter how the tactics change, it does not change the fact that the US is the empire of hacking," she said.

Last September, China accused the NSA of being behind a cyber attack on China's Northwestern Polytechnic University.

"The US side should immediately give an account of the cyber attack instead of spreading false information to divert attention," Ms Mao said.

Security analysts expect Chinese hackers could target US military networks and other critical infrastructure if China invades Taiwan.

The NSA and other Western cyber agencies urged companies that operate critical infrastructure to identify malicious activity using the technical guidance they issued.

"It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems," Paul Chichester, director at the UK's National Cyber Security Centre said in a joint statement with the NSA.

Microsoft said the Chinese hacking group has been active since at least 2021 and has targeted several industries including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education.

No comments:

Post a Comment