Spy Agencies Warn Of New Threats From Chinese Hackers

Uploaded on 2023-05-29 in INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Britain’s signals intelligence agency GCHQ has urged operators of critical national infrastructure, including energy and telecommunications networks, to take additional measures to prevent Chinese state-sponsored hackers from hiding on their systems.

 Now, the National Cyber Security Agency (NCSC) has shared a new warning about malicious Chinese hacking aimed at the UK's national infrastructure.

The NCSC, which is part of GCHQ, says that state-sponsored hackers have been spotted taking advantage of admin tools to derail projects and the warning is in the wake of malicious activity being uncovered in Guam, the USA's base in the Western Pacific. 

The NCSC issued the warning after it emerged that a Chinese hacking group known as Volt Typhoon had targeted a US military outpost in the Pacific Ocean. 

Specifically, a malicious code was implanted in telecoms networks in the island of Guam, which is the location of a US military base expected to have a critical role in any American response to an invasion of Taiwanby China. The 'web shell' code was discovered soon after the exceptional event in which a Chinese spy balloon was shot down by US air defences in February. 

The Five Eyes intelligence group, the US, the UK, Australia, Canada and New Zealand, issued a joint notice detailing the nature of the Volt Typhoon threat and how to deal with it.

Microsoft has said that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure in Guam.It also said organisations had also been targeted in the US, spanning sectors including communications, manufacturing, government, IT and education. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” said Microsoft.

According to Microsoft, Volt Typhoon has been active since mid-2021 and used to target critical infrastructure in Guam and elsewhere in the United States. The affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. 

Another US cyber security company that contributed to the advisory notice, SecureWorks has said Chinese hackers tended to share their techniques with other China-based groups and that similar techniques would be deployed against UK targets.

Microsoft has added: "Affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible."

Microsoft:     Five Eyes:    The Conversation:   Guardian:     Punchline:    The Times:   FT:   

You Might Also Read: 

NSA Warning: China Is Stealing AI Technology:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Enabling Quantum-Safe Cryptography
Europe - The DDoS Battlefield Of 2022 »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IoTium

IoTium

Secure Cloud Managed Software Defined IoT Networks. IoTium simplifies establishing and managing secure network infrastructure for Industrial IoT.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Haystax Technology

Haystax Technology

Haystax’s security analytics platform applies artificial intelligence techniques to identify and prioritize threats in real time.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

JobStreet.com

JobStreet.com

JobStreet is one of Asia’s leading online employment marketplaces in Malaysia, Philippines, Singapore, Indonesia and Vietnam.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

Accolite Digital

Accolite Digital

Accolite is an innovative, design thinking software company that guarantees seamless digital experiences with maximum results.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

Anchor Technologies Inc (ATI)

Anchor Technologies Inc (ATI)

Anchor provides a full spectrum of cybersecurity services assisting our clients with all aspects of cybersecurity risk planning, identification, management, and monitoring.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

at-yet (@-yet)

at-yet (@-yet)

at-yet are an interdisciplinary team of experts. We are all about achieving results, whatever the situation – an acute incident, risk minimisation, safeguarding or data protection.

XeneX

XeneX

XeneX Cloud Security Services address enterprise-class security challenges by enabling DevOps and Security teams to access a shared source of truth.