China’s Volt Typhoon Snoops into US Infrastructure, with Special Attention to Guam

A joint advisory from all Five Eyes (Australia, Canada, New Zealand, the United Kingdom, and the United States) reports a major Chinese cyberespionage operation that succeeded in penetrating a range of US critical infrastructure sectors. Microsoft, in its own report on Volt Typhoon, as the threat activity is being called, says the group has been active since at least the middle of 2021. The targets of the spying have extended to the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Microsoft writes that, “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.” It does this, the Five Eyes stress, by carefully living off the land, exploiting existing legitimate administrative tools and privileges in its targets.