US navy hit by Chinese hacking campaign, report says
The hacking campaign was first identified by Microsoft Corp on Wednesday and quickly confirmed by authorities in the US, UK and other allied nations. Microsoft said the hacking group, which it dubbed Volt Typhoon, had breached government, communications, manufacturing and IT organizations in the US and Guam, a crucial military post in the western Pacific Ocean.
While the identities of most of the hacking victims remains unknown, US navy secretary Carlos Del Toro told CNBC on Thursday that the Navy was impacted by the intrusions. The extent of the breach wasn’t immediately known. A spokesperson for the US navy declined to “discuss the status of our networks.”
Meanwhile, Rob Joyce, the director of cybersecurity at the National Security Agency, told CNN Thursday that Chinese hackers could still have access to sensitive US networks that they’ve targeted. Joyce said the intrusions stood out in how brazen they were in “scope and scale.”
A NSA representative declined to comment and referred instead to a release by the NSA and other US agencies on the Chinese hacking group.
Microsoft said it had “moderate confidence” the breaches were carried out in preparation to upend communications in the event of a future crisis. The company’s disclosure came amid mounting concerns that China might take military action to enforce its claim to the self-ruled island of Taiwan.
Jon Darby, NSA’s director of operations until his retirement after 39 years at the spy agency in August, said the operation matched a well-known way to infiltrate networks by accessing them at the edges rather than at what he called the bulls-eye and then staying undetected for years.
“The interesting thing is they got in from home routers all the way into the US Navy infrastructure,” said Darby, who is not familiar with the details of this specific case.
“The scary thing is they could then launch disruptive or destructive attacks when things are hitting the fan,” he said. “If they’re in these networks they can wreak havoc. You’ve got to identify and plug up the vulnerabilities that allowed them to get into these networks and eradicate them.”
The NSA, along with intelligence agencies from the UK, Australia, New Zealand and Canada also shared more details on the hackers. Those countries are all part of a key intelligence alliance, which includes the sharing of cybersecurity information, known as the Five Eyes.
China has denied the hacking accusations.
“We noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” China’s foreign ministry Spokesperson Mao Ning said. “Apparently, this has been a collective disinformation campaign launched by the US through the Five Eyes to serve its geopolitical agenda. It’s widely known that the Five Eyes is the world’s biggest intelligence association, and the NSA the world’s biggest hacking group.”
The US has previously accused Chinese hackers for espionage and intellectual property theft, including a data breach of the office of personnel management in 2015 and a hack of Equifax in 2017. In 2014, a Senate panel found that Chinese government-affiliated hackers accessed the data of military contractors including airlines and tech companies.
It’s not clear why Microsoft, the US and its allies decided to shine a spotlight on the hacking group this week. One reason may be to give private companies a head start on defending from this group of Chinese hackers long before a potential conflict with China over Taiwan, said John Hultquist, chief analyst at Mandiant Intelligence, a subsidiary of Google.
“The burden of protecting critical infrastructure from serious disruptive cyberattacks lies with the private sector. They have to defend these networks,” Hultquist said. “That’s why it’s so important that this intelligence makes its way into their hands. If it doesn’t, it’s practically useless.”
Details about the alleged attacks offer rare insights into potential sabotage efforts by Chinese hackers, whose alleged theft of intellectual property and espionage capabilities are better known. By contrast, cybersecurity experts have documented Russian attacks on critical infrastructure, including hacks of the power grid in Ukraine are well documented.
“The organization has been around a long time,” said Dakota Cary, a consultant at Krebs Stamos Group, describing the hacking group. “When they walked over a line to get something of military operational value, that’s when it changed.”