On Wednesday, Microsoft warned that hackers backed by the Chinese government are most likely hunting for cyber capabilities that could be used to “disrupt critical communications” between the United States and the Asia Pacific region in the event of a future US-China crisis.
In a new report, Microsoft said that the Chinese hackers have been active since mid-2021 and have targeted critical infrastructure organizations in the US territory of Guam and in several other parts of the US as part of a secretive espionage and information-gathering mission. The organizations chosen by the hackers span the maritime, transportation, communications, utility and government sectors, among others.
In addition to the Microsoft report, the FBI released an advisory on Wednesday in which the National Security Agency and other US and Western security agencies said they believe the Chinese hackers could use the same espionage techniques against critical sectors in different parts of the world.
On Thursday, Beijing pushed back against the allegations, calling them “a collective disinformation campaign of the Five Eyes coalition” – pointing to the intelligence sharing group made up of the United States, United Kingdom, Canada, Australia and New Zealand, whose security agencies jointly issued the advisory.
A spokesperson said, “The United States is expanding new channels to spread disinformation. This is not the first time, and it will not be the last.”
The findings from Microsoft – and subsequent backlash – underscore the key role that cyber operations might play in present and future US-China power competition and territorial disputes in the Pacific.
In the last few years, China has grown increasingly hostile in the region, including militarizing islands to assert contested claims in the South China Sea, in what US officials view as alarming expansionism from Beijing.
Microsoft declined to comment beyond its public blog post published on Wednesday. It also denied CNN’s request for specific information supporting the tech giant’s conclusion that Chinese hackers were preparing disruptive capabilities for future crises.
China’s Embassy in Washington, DC also dismissed the allegations.
Asked for comment on the Microsoft report, embassy spokesman Liu Pengyu said in an email on Wednesday night, “The allegation by the US side that the Chinese government is ‘supporting hacking’ is completely distorting the truth.”
US executives regularly describe China as the most tenacious and prolific government hacking threat faced by the US.
In February this year, the director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, said that Chinese hackers are too frequently going “unidentified and undeterred” in their infiltrations of US organizations.
US officials are also alarmed that Chinese hackers have created footholds in Taiwan’s critical infrastructure that Beijing may use to disrupt key services like electricity in the event of a Chinese invasion of Taiwan, a senior US defense official told media in March.
Speaking on the condition of anonymity, the defense official contrasted the Chinese probing of Taiwanese infrastructure with how Russia earlier used its hackers to make their way into Ukraine’s electric sector. According to the US Justice Department and private experts, Russian military hackers cut power twice in Ukraine in landmark attacks in 2015 and 2016.
John Hultquist, chief analyst at security firm Mandiant, which is owned by Google, said, “Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect. China has done the same in the past, targeting the oil and gas sector.”
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” Hultquist added. The Microsoft report “is a rare opportunity to investigate and prepare for this threat.”