US Navy hit by Chinese hacking campaign, report says

(Bloomberg) – An alleged campaign by Chinese state-sponsored hackers on targets in the United States and Guam has raised concerns that Beijing is preparing to disrupt communications in the Pacific in the event of a conflict.


The hacking campaign was first identified by Microsoft Corp. on Wednesday and quickly confirmed by authorities in the United States, United Kingdom and other allied countries. Microsoft said the hacking group, which it dubbed Volt Typhoon, breached government, communications, manufacturing and IT organizations in the United States and in Guam, a crucial military post in the western Pacific Ocean.

While the identities of most of the hacking victims remain unknown, US Navy Secretary Carlos Del Toro told CNBC on Thursday that the Navy has been affected by the intrusions. The extent of the breach was not immediately known. A US Navy spokesperson declined to “discuss the state of our networks”.

Meanwhile, Rob Joyce, director of cybersecurity at the National Security Agency, told CNN on Thursday that Chinese hackers could still gain access to sensitive US networks they have targeted. Joyce said the intrusions stood out for their brazenness in “scope and scale”.

An NSA representative declined to comment and instead referred to a statement from the NSA and other US agencies about the Chinese hacking group.

Microsoft said it had “moderate confidence” that the breaches were made with a view to disrupting communications in the event of a future crisis. The company’s disclosure came amid growing fears China might take military action to enforce its claim to the self-governing island of Taiwan.

Jon Darby, the NSA’s director of operations until his retirement after 39 years at the spy agency in August, said the operation was a well-known way to infiltrate networks by accessing them from the edges, rather than from what he called the bullseye, and then going unnoticed for years.

“What’s interesting is that they entered from home routers all the way to US Navy infrastructure,” said Darby, who doesn’t know the details of this specific case.

“The scary thing is that they could then launch disruptive or destructive attacks when things hit the fan,” he said. “If they are in these networks, they can wreak havoc. You need to identify and fix the vulnerabilities that gave them access to these networks and eradicate them.”

The NSA, as well as intelligence agencies from the UK, Australia, New Zealand and Canada also shared more details about the hackers. These countries are all part of a key intelligence alliance, which includes cybersecurity information sharing, known as the Five Eyes.

China has denied the hacking charges.

“We have noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” Chinese Foreign Ministry spokesman Mao Ning said. “Apparently, this is a collective disinformation campaign launched by the United States through the Five Eyes to serve its geopolitical agenda. It is well known that the Five Eyes is the largest intelligence association in the world and the NSA the largest hacking group in the world.”

The United States has previously accused Chinese hackers of espionage and intellectual property theft, including a 2015 Office of Personnel Management data breach and a 2017 Equifax hack. In 2014, a Senate panel discovered that hackers affiliated with the Chinese government had accessed the data of military contractors, including airlines and technology companies.

It’s unclear why Microsoft, the United States and its allies decided to shine the spotlight on the hacking group this week. One reason could be to give private companies a head start in defending against this group of Chinese hackers long before a potential conflict with China over Taiwan, said John Hultquist, chief analyst at Mandiant Intelligence, a subsidiary of Google.

“The burden of protecting critical infrastructure from severe disruptive cyberattacks falls on the private sector. They have to defend these networks,” Hultquist said. “That’s why it’s so important that this information gets into their hands. If not, it’s practically useless.”

Details of the alleged attacks offer scant insight into potential sabotage efforts by Chinese hackers, whose alleged intellectual property theft and espionage capabilities are better known. In contrast, cybersecurity experts have documented Russian attacks on critical infrastructure, including the power grid hacks in Ukraine.

“The organization has been around for a long time,” said Krebs Stamos Group consultant Dakota Cary, describing the hacking group. “When they walked a line to get something of military operational value, that’s when it changed.”

–With help from Margi Murphy.

(Updates with additional information throughout. A previous version of this story corrected a spelling error.)


©2023 Bloomberg LP
