Information is power, no doubt about it. That makes hackers a necessary asset for many companies and governments. On the one hand, they are the ones who detect vulnerabilities and warn about them, and on the other hand, they are the ones who are fighting the crackers, that is, the bad hackers. Now a group of hackers allegedly linked to the Chinese government have broken into key infrastructure in the US and Guam has stolen network credentials and sensitive data, as noted by Microsoft and the US government and four other countries.

The group, identified by Microsoft as Volt Typhoon, has been active for at least two years with a focus on espionage and intelligence gathering for the People’s Republic of China, according to Microsoft. To maintain their anonymity, the members of the Volt Typhoon use the tools already installed or embedded in the device infected they control.

The information was not only disclosed by Bill Gates’ company, they also participated announcement as FBI, Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber ​​Security Center (ACSC), their Canadian, UK and New Zealand partners.

Hackers also hide their activities by using compromised home and office routers. objective according to Microsoft Formerly “disrupt critical communications infrastructure between the United States and the Asian region during future crises.

In most cases, the Volt Typhoon accesses compromised systems by logging in with valid credentials, just as an authorized user would. However, in a small number of cases, Microsoft has observed that Volt Typhoon operators create proxies (computer equipment that essentially acts as an intermediary between servers) on compromised systems to facilitate access. Then, order the Volt Typhoon creation and subsequent deletion of a proxy port in a compromised system. Later, those in charge of Volt Typhoon removed the proxy from the compromised system and left no trace of its path there.

The affected industries include communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education. Notices provide guidance for Clean up compromised networks.