China refutes Microsoft allegations it hacked critical US infrastructure

China’s foreign ministry has hit back at Microsoft claims that Chinese nation-state hackers have been attacking US critical infrastructure (Getty Images)

China has denied allegations made by tech giant Microsoft that Chinese state-sponsored hackers have been trying to disrupt critical communications infrastructure between the US and Asia.

On Wednesday, Microsoft issued a report accusing a Chinese nation-state hacking group called “Volt Typhoon” of targeting critical infrastructure in the US and Guam to carry out espionage and information gathering.

In a video statement released on Twitter on Thursday afternoon, Mao Ning, a spokeswoman for China’s Ministry of Foreign Affairs, slammed Microsoft’s report, claiming that it is “a patchwork with a broken chain of evidence” and “extremely unprofessional”.

She added that it was ironic that the report was released jointly with statements from cybersecurity agencies in the UK, Australia, Canada and New Zealand — the other members besides the US of the Five Eyes intelligence alliance.

“As we all know, the Five Eyes alliance is the world’s biggest intelligence organisation, while the NSA is the world’s biggest hacking group,” said Ms Mao.

“The involvement of certain companies this time shows that the US is exploring new channels of spreading disinformation besides government agencies.

“This is not the first time for them to do so and certainly not the last time too, however, whatever subterfuge it uses, this will not change the fact that the US is the biggest hacking empire in the world.”

Volt Typhoon’s hacking campaign

On Wednesday, the NSA released an advisory providing technical details on just how Volt Typhoon is spying on critical infrastructure and what organisations should do to prevent further attacks.

The hacking group’s espionage and information-gathering efforts reportedly affected multiple government systems, as well as networks in industries including communications, IT, manufacturing, utilities, transportation, construction and maritime.

Microsoft said that Volt Typhoon was using a hacking method known as “living off the land”, in which the attackers quietly use built-in network administration tools to collect credentials from local and network systems, and then use those credentials to log in and observe the networks.

The tech giant added that the hacking group was able to blend into normal network activity by routing its traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls and VPN hardware.

UK organisations urged to take action

On Wednesday night, the National Cyber Security Centre issued advice for UK organisations on the Volt Typhoon hacking group.

“It is vital that operators of critical national infrastructure take action to prevent attackers hiding on their systems, as described in this joint advisory with our international partners,” said NCSC Director of Operations Paul Chichester.

“We strongly encourage providers of UK essential services to follow our guidance to help detect this malicious activity and prevent persistent compromise.”

William Hutchison, the former cybersecurity lead for the US Department of Defense (DoD), told The Standard that the UK needs to improve its cyber defences.

“There’s been a massive underinvestment in critical national infrastructure in the UK. Unfortunately, it’s not hard to compromise critical infrastructure and bring critical services to their knees,” said Mr Hutchison, who is also chief executive of cybersecurity firm SimSpace.

He wants companies and organisations to prepare themselves by simulating a real cyberattack situation and assessing whether their current responses are adequate.

Mr Hutchison added: “By utilising military-grade cybersecurity readiness solutions, such as cyber ranges, organisations can test their systems to failure in a high-fidelity, simulated environment, shifting the power away from hackers intent on exfiltrating sensitive data and damaging business-critical systems.”