‘Volt Typhoon’ China-Backed APT Infiltrates US Critical Infrastructure Orgs

China-sponsored threat actors have managed to establish persistent access within telecom networks and other critical infrastructure targets in the US, with the observed purpose of espionage — and, potentially, the ability down the line to disrupt communications in the event of military conflict in the South China Sea and broader Pacific.

That’s according to a breaking investigation from Microsoft, which dubs the advanced persistent threat (APT) “Volt Typhoon.” It’s a known state-sponsored group that researchers at Microsoft, Mandiant, and elsewhere have observed carrying out cyber-espionage activity in the past.

While espionage appears to be the goal for now, there could very well be a more sinister purpose at play. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” according to the analysis.

The first signs of compromise emerged in telecom networks in Guam, according to a New York Times report published ahead of the findings being released. The National Security Agency discovered those intrusions around the same time that the Chinese spy balloon was making headlines for entering US airspace, according to the report. The agency then enlisted Microsoft to investigate further, eventually uncovering a widespread web of compromises across multiple sectors, with a particular focus on air, communications, maritime, and land transportation targets.

A Shadow Goal? Laying Groundwork for Disruption

The discovery of the activity is playing out against the backdrop of the US’ frosty
