On Wednesday, it was announced that cyber infrastructure in the US across multiple industries has been compromised by Chinese state-sponsored hackers, who are mainly interested in intelligence gathering.

According to a recent Microsoft advisory, a group of hackers from China known as “Volt Typhoon” has been active since mid-2021. The group’s objective appears to be disrupting crucial communication infrastructure between the United States and Asia, which could hamper response efforts during future crises.

On Wednesday, the National Security Agency released a notification that explains the method of the cyber attack and provides guidance on how to react to it to cybersecurity teams.

According to Microsoft’s advisory, the ongoing attack is still ongoing, and affected customers are advised to close or change their login details for any accounts that have been compromised.

The New York Times reported that U.S. intelligence agencies were informed of the intrusion in February, which coincided with the time when a Chinese spy balloon was shot down.

During a press conference held on Thursday in Beijing, the representative from the Chinese Ministry of Foreign Affairs branded the report and warnings as “misleading” and accused the U.S of being the leading culprit in cyber espionage. Furthermore, the spokesperson alleged that the Five Eyes intelligence alliance, which comprises of Australia, Canada, New Zealand, the U.K., and the U.S., orchestrated the report as a part of a joint effort.

According to the Times, the infiltration targeted communication infrastructure in several parts of the U.S., including Guam. The U.S. intelligence officials found this concerning because Guam plays a critical role in the American military’s response plan in the event of a potential attack on Taiwan.

Microsoft has reported that Volt Typhoon has been found to be using a security breach in a well-known cybersecurity software called FortiGuard to infiltrate companies. Once the hackers have successfully entered a system, they obtain user credentials from the compromised security suite and leverage them to gain unauthorized access to other corporate systems.

According to Microsoft, state-affiliated cyber attackers are mainly focused on conducting their activities secretly without causing any disruptions. Instead, their primary intention is to carry out espionage by maintaining uninterrupted access for the longest possible time without being detected.

According to Microsoft, a lot of crucial areas have been affected by infrastructure disruptions, which includes but is not limited to the telecom, transportation, and shipping industries. Additionally, even government entities were not spared from these disruptions.

On Thursday, the China Daily newspaper with government backing rejected Microsoft’s analysis and the warnings from the intelligence community as “political propaganda” in an editorial.

The Cybersecurity and Infrastructure Security Agency, in collaboration with both foreign and domestic intelligence services, recently cautioned that Chinese cyber-attacks remain a persistent threat to the safeguarding of American intellectual property.

In a statement, Director Jen Easterly of the Cybersecurity and Infrastructure Security Agency (CISA) noted that China has engaged in persistent cyber attacks with the goal of acquiring intellectual property and confidential information from various organizations worldwide.