News this week that a likely China-backed threat actor is targeting critical infrastructure organizations in Guam has once again raised the specter of America’s geopolitical adversaries launching disruptive cyberattacks against key communications and operational technologies in a future crisis.
The attacks are part of a broader campaign dubbed “Volt Typhoon” that Microsoft reported this week as targeting organizations in the communications, government, utility, manufacturing, maritime, and other critical sectors. Like most state-backed Chinese cyber campaigns over the past several years, the primary focus of Volt Typhoon at first appears to be cyber espionage.
A Troubling New Inflection Point for Chinese Cyberattacks?
But the group’s targeting of Guam — a strategic base for defending Taiwan against potential Chinese annexation — along with other evidence that Microsoft has examined, suggests that the actor is also laying the groundwork for attacks that could disrupt US-Asia communications in a kinetic conflict.
“There was a period of a few years where we saw relatively little Chinese activity directed against US targets […] that’s changed over the past 12 months,” notes Dick O’Brien, principal intelligence analyst at Symantec Threat Hunter Team, likely as a result of the geopolitical tensions around the Taiwan issue. “We think the one named US location (Guam) is significant as Chinese actors are very heavily focused on Taiwan right now, and Guam may be part of that focus,” he says.
The apparent preparation for disruptive attacks that Microsoft observed marks a significant departure from most cyberattacks by Chinese groups over the past