August 2, 2023

According to Kaspersky, New York Times, and Microsoft, Chinese government hackers are digging deep into U.S. infrastructure.

The Kaspersky report says a group called Zirconium employed advanced eavesdropping technologies to build a “permanent channel for data exfiltration” in industrial infrastructure. Another New York Times story exposed the actions of a second Chinese government-linked outfit called Volt Typhoon, which carried malware capable of destroying key infrastructure at U.S. military locations throughout the world.

Zirconium’s operations span various industries, including government, financial, aerospace, defense, technology, construction, engineering, telecommunications, media, and insurance. The group used 15 implants to gather sensitive data from targeted networks, employing DLL hijackings to mask their activities and avoid detection.

Volt Typhoon, on the other hand, targeted key infrastructure, potentially interrupting communications and power supplies to US military locations. The spyware they placed constituted a huge risk, with the ability to disrupt not just military activities but also the daily lives of regular Americans.

A unknown Chinese hacker outfit, according to a third report issued by Microsoft, penetrated the email accounts of 25 of its cloud clients, including the U.S. Departments of State and Commerce.

Concerns have been expressed concerning the scope of Chinese government hacking and the potential for these assaults to do significant harm to U.S. infrastructure. The Biden administration has described the claims as “deeply concerning” and stated that actions are being taken to counter the threat. China has labeled the reports “propaganda.”

The sources for this piece include an article in ArsTechnica.