Suspected Chinese hackers allegedly breached the US Navy as part of a broader campaign that cybersecurity experts believe was intended to disrupt communications in the Pacific region ahead of a possible crisis.
US Navy Secretary Carlos Del Toro told CNBC on Thursday that the Navy was affected by a Chinese state-sponsored hacking group dubbed Volt Typhoon, which has been accused of breaching government, communications, manufacturing and IT organisations.
Microsoft Corp., which named the group and warned of the breaches on Wednesday, said the hackers had gained access to targets in the US and Guam, which is home to a key US military installation in the Pacific.
Microsoft said it had “moderate confidence” the breaches were carried out in preparation to upend communications in the event of a future crisis. The company’s disclosure came amid mounting concerns that China might take military action to enforce its claim to the self-ruled island of Taiwan.
The US Navy did not respond to a request for comment.
The National Security Agency, along with intelligence agencies from the UK, Australia, New Zealand and Canada, also shared more details on the hackers. Those countries are all members of the Five Eyes, a key intelligence alliance whose cooperation includes the sharing of cybersecurity information.
China denied the hacking accusations on Thursday.
“We noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” China’s foreign ministry spokeswoman Mao Ning said.
“Apparently, this has been a collective disinformation campaign launched by the US through the Five Eyes to serve its geopolitical agenda. It’s widely known that the Five Eyes is the world’s biggest intelligence association, and the NSA the world’s biggest hacking group.”
It’s not clear why Microsoft, the US and its allies decided to shine a spotlight on the hacking group this week. One reason may be to give private companies a head start on defending against this group of Chinese hackers long before a potential conflict with China over Taiwan, said John Hultquist, chief analyst at Mandiant Intelligence, a subsidiary of Google.
“The burden of protecting critical infrastructure from serious disruptive cyberattacks lies with the private sector. They have to defend these networks,” Hultquist said. “That’s why it’s so important that this intelligence makes its way into their hands. If it doesn’t, it’s practically useless.”
Details about the alleged attacks offer rare insights into potential sabotage efforts by Chinese hackers, whose alleged theft of intellectual property and espionage capabilities are better known. By contrast, Russian attacks on critical infrastructure, including hacks of the power grid in Ukraine, are well documented by cybersecurity experts.
“The organisation has been around a long time,” said Dakota Cary, a consultant at Krebs Stamos Group, describing the hacking group. “When they walked over a line to get something of military operational value, that’s when it changed.”