NSA and Microsoft Release Report on Critical Cyber Threats to US Infrastructure Backed by State-Sponsored Chinese Actor

The United States, through its National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI and international partner agencies, published a joint Cybersecurity Advisory (CSA), accompanied by a separate Microsoft report, highlighting the activities of Volt Typhoon, a state-sponsored actor operating out of China. The advisory describes operations aimed at infiltrating and compromising critical infrastructure across several US sectors. It also details how the group stayed unnoticed inside US networks by "living off the land" (relying on tools already built into the victim's systems instead of dropping malware, so there is no malicious file for antivirus to flag) and by hands-on-keyboard activity (an operator issuing commands interactively rather than running automated tooling).
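As an added illustration (not code from the article, the advisory or Microsoft), the following Python shows what detecting "living off the land" activity looks like in practice: because the intruder runs legitimate built-in Windows tools, detection has to come from command-line auditing rather than file scanning. The event format, the sample events and the rule set are constructed assumptions for this example; the patterns are modelled on the kinds of built-in-tool abuse the advisory describes (ntdsutil, netsh portproxy, wmic, encoded PowerShell) but are illustrative, not a complete or authoritative rule set.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of Windows process-creation events (Event ID 4688 style),
# flattened to one line each. This is made-up telemetry for the example,
# not data from the advisory. Three of the five lines represent the kind of
# built-in-tool abuse a "living off the land" intrusion relies on.
SAMPLE_EVENTS = [
    "2023-05-24T02:11:09Z host=DC01 user=svc_backup parent=cmd.exe "
    "cmd=ntdsutil.exe \"ac i ntds\" ifm \"create full C:\\Windows\\Temp\\pro\" q q",
    "2023-05-24T02:13:41Z host=EDGE-RTR user=admin parent=cmd.exe "
    "cmd=netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 "
    "listenport=9999 connectaddress=10.0.0.5 connectport=8443",
    "2023-05-24T02:15:02Z host=WS-042 user=jdoe parent=explorer.exe "
    "cmd=notepad.exe C:\\Users\\jdoe\\notes.txt",
    "2023-05-24T02:16:30Z host=FS01 user=svc_backup parent=cmd.exe "
    "cmd=wmic process call create \"powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA\"",
    "2023-05-24T02:18:00Z host=WS-042 user=jdoe parent=cmd.exe cmd=ipconfig /all",
]

# Illustrative detection rules (assumed for this example). Each one targets a
# legitimate, signed Windows binary used for an attacker purpose: dumping the
# AD database, building a port-forwarding relay, spawning processes via WMI,
# and hiding a PowerShell payload behind base64 encoding. Plain discovery
# commands such as "ipconfig /all" are deliberately not matched on their own.
LOTL_RULES: Dict[str, re.Pattern] = {
    "ntds_dump": re.compile(r"ntdsutil(?:\.exe)?\b.*\bifm\b", re.I),
    "portproxy_add": re.compile(r"netsh\b.*\bportproxy\b.*\badd\b", re.I),
    "wmic_proc_create": re.compile(r"wmic\b.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I),
    "encoded_powershell": re.compile(
        r"powershell(?:\.exe)?\b.*\s-(?:e|en|enc|encodedcommand)\b", re.I),
}

# Assumed flattened event layout: timestamp, host, user, parent, then the
# full command line (which may itself contain spaces and quotes).
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one flattened event into its fields; None if the line is malformed."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def match_rules(cmd: str) -> List[str]:
    """Return the names of every rule whose pattern occurs in the command line."""
    return [name for name, rx in LOTL_RULES.items() if rx.search(cmd)]


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run all rules over a batch of events and return the flagged ones."""
    hits: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed lines rather than crashing the sweep
        names = match_rules(ev["cmd"])
        if names:
            hits.append({"ts": ev["ts"], "host": ev["host"],
                         "user": ev["user"], "rules": names, "cmd": ev["cmd"]})
    return hits


def users_with_multiple_techniques(hits: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Accounts seen using more than one distinct technique; a hands-on-keyboard
    operator chaining built-in tools stands out more than any single command."""
    seen: Dict[str, set] = {}
    for h in hits:
        seen.setdefault(str(h["user"]), set()).update(h["rules"])  # type: ignore[arg-type]
    return {u: sorted(r) for u, r in seen.items() if len(r) > 1}


if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"{h['ts']} {h['host']} {h['user']} {','.join(h['rules'])}: {h['cmd']}")
    print("accounts chaining techniques:", users_with_multiple_techniques(scan(SAMPLE_EVENTS)))
```

Run against 4688 or Sysmon process-creation exports flattened to this layout (or adapt `EVENT_RE`), and treat the output as triage leads rather than verdicts: administrators also run `ntdsutil` and `netsh`, so the signal is the tool, the account, the parent process and the sequence taken together, which is exactly why command-line logging has to be enabled before such activity can be seen at all.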

Microsoft assesses with moderate confidence that the campaign is pursuing "the development of capabilities that could disrupt critical communication infrastructure between the United States and the Asian region in future crises."

[Figure: Volt Typhoon's preferred attack vectors, as identified by cybersecurity and national security experts. Image credit: Microsoft]

Volt Typhoon's activities in the United States date back at least to mid-2021 and have targeted organizations across many sectors: communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.

Digitalization (adding digital capability to tasks that would otherwise be done with analog tools) is a fact of life, and it keeps accelerating: every year new products appear with added digital functionality. Because that functionality usually justifies the extra investment (through cost savings, efficiency, convenience, or whatever else the market values), analog and disconnected tools are gradually phased out until they survive only in a niche, if at all. You would be surprised how much communications infrastructure already depends on digital systems.

Of course, the problem with digital systems is that they can be remotely hacked.

A concrete example: Microsoft helped Ukraine disable Russian malware installed on the country's railway infrastructure. The system had been infected with wiper malware, which destroys entire systems or the files that something like a train-control system needs in order to run, rendering it inoperable. This happened before the invasion; afterwards, that same railway system was used to evacuate Ukrainian refugees.

The problem here is that digitalization means greater possibilities for remote access, which in
