U.S. has disabled parts of Chinese hacking infrastructure, says Reuters

Share post:

American authorities got legal authorization to remotely disable aspects of a Chinese-based hacking campaign, sources have told Reuters.

The news agency said in an exclusive story Monday that the action against the hacking group, dubbed Volt Typhoon by Microsoft and other threat researchers, came because the government worries it’s part of a larger effort to compromise Western critical infrastructure.

The U.S. Justice Department and the FBI declined to comment, the news story said. The Chinese embassy in Washington did not immediately respond to a request for comment.

Under Microsoft’s new nomenclature, threat actor groups are named after weather events.  Typhoon indicates a group originates in or has been attributed to China.

Last May, Microsoft reported that Volt Typhoon had been targeting critical infrastructure organizations in Guam and elsewhere in the United States since 2021, probably for espionage. At the time, says Reuters, Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries, the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia, and the U.K.

The discovery deeply worried the U.S., reported the New York Times. After investigating, American authorities believed the infiltration was even worse than stated in the Microsoft report.

Going after a threat actor’s infrastructure — where they can — is a favoured tactic of experienced American cyber authorities. A year ago this month, the FBI seized the website of the Hive ransomware gang after penetrating the group’s computer networks — fortunately located in California. Last August, police in seven countries, including the U.S., announced they had infiltrated and took down the infrastructure behind the Qakbot botnet, and then used that access to order infected computers to delete the malware.

The post U.S. has disabled parts of Chinese hacking infrastructure, says Reuters first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for week ending Friday, March 1, 2024

This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software

Healthcare sector “stretched thin” in fight against cyber attacks warns CSO of Health-ISAC

In an interview Errol Weiss talks about the challenges facing hospitals a

Cyber Security Today, March 1, 2024 – Warnings to GitHub users and Ivanti gateway administrators, and more

This episode reports on a recommendation that enterprises drop Ivanti Policy Secure and Connect Secure devices because threat actors can get around mitigations for recent vulne

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways