Date: 2023-05-24

(QUEEN CITY NEWS) — Microsoft reports that it has uncovered “stealthy and targeted malicious activity” aimed at critical infrastructure organizations in the United States.

The attack is believed to focus on post-compromise credential access and network system discovery, Microsoft says. It’s carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.

Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. The New York Times reported Wednesday that the code was installed by a Chinese government hacking group and raised alarms because Guam, with its Pacific ports and vast American air base, would be a centerpiece of any American military response to an invasion or blockade of Taiwan.

In this campaign, Microsoft said the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

As the NYT mentioned, this threat could not be shot down off the coast on live television.

Microsoft says it has directly notified targeted or compromised customers, providing them with important information needed to secure their environments.