Chinese hackers seeking to disrupt communications between US and Asia in event of crisis, Microsoft says

(CNN) — Chinese government-backed hackers are likely pursuing cyber capabilities that could be used to “disrupt critical communications” between the US and the Asia Pacific region in the event of a future US-China crisis, Microsoft warned on Wednesday.

The Chinese hackers have been active since mid-2021 and targeted critical infrastructure organizations in the US territory of Guam and in other parts of the US as part of a stealthy spying and information gathering campaign, Microsoft said in a new report. Organizations targeted by the hackers cover the maritime, transportation and government sectors, among others.

The Microsoft report underscores the key role that cyber operations might play in present and future US-China power competition and territorial disputes in the Pacific. China has claimed a growing list of territories in the Pacific in recent years in what US officials view as alarming expansionism from Beijing.

In a separate advisory released Wednesday, the FBI, National Security Agency and other US and Western security agencies said they believe the Chinese hackers could apply the same stealthy techniques against critical sectors “worldwide.”

Microsoft declined to comment beyond its public blog post Wednesday when CNN asked for specific information supporting the tech firm’s conclusion that Chinese hackers were preparing disruptive capabilities for future crises.

“The allegation by the US side that the Chinese government is ‘supporting hacking’ is completely distorting the truth,” Liu Pengyu, spokesperson for the Chinese Embassy in Washington, DC, said in an email Wednesday night when asked for comment on the Microsoft report.

US officials regularly cite China as the most persistent and prolific government hacking threat facing the US.

Chinese hackers are too frequently going “unidentified and undeterred” in their infiltrations of US organizations, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said in February.

US officials are also concerned that Chinese hackers have created footholds in Taiwan’s critical infrastructure that Beijing may use to disrupt key services like electricity in the event of a Chinese invasion of Taiwan, a senior US defense official told reporters in March.

The defense official, who spoke on the condition of anonymity, compared the Chinese probing of Taiwanese infrastructure to how Russia previously used its hackers to burrow into Ukrainian’s electric sector. Russian military hackers cut power twice in Ukraine in landmark attacks in 2015 and 2016, according to the US Justice Department and private experts.

“Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect,” said John Hultquist, chief analyst at security firm Mandiant, which is owned by Google. “China has done the same in the past, targeting the oil and gas sector.

“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” Hultquist said. The Microsoft report “is a rare opportunity to investigate and prepare for this threat.”