Chinese hackers attack critical US infrastructure in Guam

Chinese hackers attack ‘critical’ US infrastructure: Microsoft unveils campaign targeting Guam amid fears Beijing will obscure strategic base for attack on Taiwan

  • The US announced the discovery of a new cluster of cyberattacks on Wednesday
  • Breaches discovered by Microsoft appear to target infrastructure in Guam
  • According to the US, the hacker group Volt Typhoon is supported by the Chinese government

US officials have accused a Chinese state-sponsored hacking gang of attacking critical infrastructure in Guam, in a campaign experts say could be used to disrupt vital communications in the event of a military conflict in Taiwan.

In an alert on Wednesday, the US Cybersecurity and Infrastructure Security Agency said the hacker group Volt Typhoon had been detected “in critical infrastructure sectors in the US.”

Microsoft, which first discovered the malicious activity, said Volt Typhoon “has been operating since mid-2021, attacking critical infrastructure organizations in Guam and elsewhere in the United States.”

The group’s apparent focus on Guam is particularly concerning, as the U.S. territory is a major military base in the Pacific and would be a key staging point for any U.S. response in the event of a conflict in Taiwan or the South China Sea.

Microsoft said it assessed with “moderate confidence” that the Volt Typhoon campaign “pursues the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia during future crises.”

A spokesman for the Chinese embassy in Washington DC did not immediately respond to a request for comment on Wednesday afternoon.

Microsoft said it had notified targeted or compromised customers and provided them with information to identify and remediate any breaches.

The organizations targeted by Volt Typhoon included industries such as communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education, Microsoft said.

The company said Volt Typhoon did not appear to have used the breaches to launch offensive attacks, but the group appeared to be focusing on maintaining unobtrusive access to critical systems.

“Observed behavior suggests that the threat actor intends to conduct espionage and keep access undetected for as long as possible,” Microsoft said.

The hacker gang’s apparent focus on Guam is ringing alarm bells that its primary purpose could have been to disrupt and cut off U.S. communications with Asia in the event of a military conflict.

Guam is home to major US military facilities, including Andersen Air Force Base, which would be critical to responding to any conflict in the Asia-Pacific region.

Recently, China has stepped up military and diplomatic pressure to force self-governed Taiwan to accept Beijing’s claim to sovereignty. Taiwan rejects China’s claims.

While the United States has long pursued a policy of “strategic ambiguity” over whether it would intervene militarily to protect Taiwan in the event of a Chinese attack, President Joe Biden has said he would be prepared to use force to defend the island.

In recent years, China’s navy has also become increasingly aggressive in the South China Sea, one of the world’s most important trade routes.

China has claimed almost all of the South China Sea as its territory. Parts of the vast waterway are also claimed by Vietnam, Taiwan, Brunei, Malaysia and the Philippines.