American agencies intervene to neutralize Volt Typhoon, a Chinese hacking group, fearing a broader threat to Western critical infrastructure. (IT World Canada)
In a recent development reported exclusively by Reuters on Monday, American authorities have been granted legal authorization to remotely disable certain elements of a hacking campaign associated with China, identified as Volt Typhoon by Microsoft and other cybersecurity researchers. The move is prompted by concerns within the U.S. government that this hacking group may be part of a larger initiative aimed at compromising critical infrastructure in Western nations.
The U.S. Justice Department and the Federal Bureau of Investigation (FBI) have chosen not to comment on the situation at this time. Furthermore, a request for comment from the Chinese embassy in Washington remains unanswered.
FBI Director Christopher Wray confirmed during a Congressional hearing on January 31st that the agency took action with a court order to disrupt some of the online activities associated with Volt Typhoon.
Microsoft's recent nomenclature designates threat actor groups after weather events, with Typhoon indicating a group originating from or attributed to China.
This action follows Microsoft's revelation in May of last year that Volt Typhoon had been actively targeting critical infrastructure organizations in Guam and other parts of the United States since 2021, likely for espionage purposes. At that time, the Chinese foreign ministry spokesperson Mao Ning dismissed the hacking allegations as a "collective disinformation campaign" orchestrated by the Five Eyes countries – a coalition of intelligence-sharing nations comprising the United States, Canada, New Zealand, Australia, and the U.K.
According to Reuters, the initial discovery raised significant concerns within the U.S. government. Subsequent investigations revealed that the extent of the infiltration was more severe than initially reported by Microsoft.
Taking preemptive action against a threat actor's infrastructure is a strategy frequently employed by experienced American cyber authorities. A notable instance from a year ago involved the FBI seizing the website of the Hive ransomware gang after successfully penetrating the group's computer networks, conveniently located in California. In another operation last August, law enforcement agencies in seven countries, including the U.S., disclosed that they had infiltrated and dismantled the infrastructure supporting the Qakbot botnet. They then utilized this access to instruct infected computers to remove the malware.
As the situation unfolds, the U.S. government's efforts to thwart cyber threats highlight the ongoing challenges posed by international hacking activities and the imperative to safeguard critical digital infrastructure.
