Chinese hackers that triggered US alarm hit defence targets -researchers

By James Pearson and Raphael Satter

LONDON (Reuters) – A group of Chinese hackers who recently triggered a multi-nation alert have been conducting a cyberespionage campaign against military and government targets in the United States, researchers said on Thursday.

The Chinese government has rejected assertions that its spies are going after Western targets, calling the joint warning issued by the United States and its allies a “collective disinformation campaign”.

The group – dubbed “Volt Typhoon” by Microsoft (NASDAQ:) – was the subject of an alert issued by cybersecurity and intelligence agencies in the United States, Britain and their close allies.

Chinese cyber spies have been seen to “primarily target organizations in the U.S. in defence and government verticals (fields), primarily for espionage purposes”, according to researcher Marc Burnard, whose organisation – Secureworks – has dealt with several intrusions tied to Volt Typhoon.

The analysis by Secureworks – an arm of Dell Technologies (NYSE:) – adds context to the warning issued on Wednesday by Microsoft.

That warning said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia region during future crises” – a nod to escalating tensions between China and the United States over Taiwan and other issues.

The group has targeted critical infrastructure organisations in the U.S. Pacific territory of Guam, Microsoft said.

The reference to potentially disruptive activity drew widespread attention. Fortinet (NASDAQ:), whose FortiGuard devices Microsoft said were being abused by Volt Typhoon to break into its targets, saw its shares fall more than 2 percent.

Burnard said Secureworks had seen no evidence of destructive activity by Volt Typhoon, but that in general its hackers were focused on stealing information that would “shed light on U.S. military activities”.

He declined to name the “handful” of victims which Secureworks had helped to deal with Volt Typhoon.

Chinese foreign ministry spokesperson Mao Ning told reporters that the alerts, issued by the United States, Britain, Canada, Australia and New Zealand were intended to promote their intelligence alliance, known as the Five Eyes – and that it was Washington that was guilty of hacking.

“The United States is the empire of hacking,” Mao said.