The U.S. Navy was a victim of the Chinese state-sponsored hack revealed by Microsoft on Wednesday, Secretary of the Navy Carlos Del Toro said on CNBC.
In an interview with host Morgan Brennan on Thursday, Del Toro revealed the Navy “has been impacted” by the cyberattacks and said it was “no surprise that China has been behaving in this manner, not just for the last couple years, but for decades.”
He did not provide further information on the extent of the incursion. Fox Business contacted the Department of Defense for comment but did not hear back before publication.
Microsoft said in a Wednesday post that the company had “uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.”
“The attack is carried out by Volt Typhoon,” Microsoft said. Volt Typhoon is a Chinese state-sponsored actor that focuses on “espionage and information gathering.”
The targets include sites in Guam, where the U.S. has a major military presence, the company said.
Microsoft determined with “moderate confidence” that the Volt Typhoon hacking campaign is “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
U.S. and international cybersecurity authorities confirmed the attack in a joint Cybersecurity Advisory (CSA) warning. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) said Volt Typhoon, which is linked to the People’s Republic of China, “could apply the same techniques” against infrastructure networks across the U.S. and “other sectors worldwide.”
The agency recommended organizations take steps to tighten up their cybersecurity in light of the threat, such as hardening domain controllers, monitoring event logs, limiting port proxy usage, investigating any unusual IP addresses and reviewing firewall configurations.
Microsoft said the intrusion campaign placed a “strong emphasis on stealth” and sought to blend into normal network activity by hacking small-office network equipment, including routers. It said the intruders gained initial access through internet-facing FortiGuard devices, which are engineered to use machine learning to detect malware.
China’s Foreign Ministry denied involvement in the hacking attempt.
“We noted this extremely unprofessional report – a patchwork with a broken chain of evidence,” said Foreign Ministry Spokesperson Mao Ning on Thursday. “We also noted that the US National Security Agency (NSA) and the cybersecurity agencies of the UK, Australia, Canada and New Zealand, almost simultaneously issued similar reports. Apparently, this has been a collective disinformation campaign launched by the US through the Five Eyes to serve its geopolitical agenda.”
Ning went on to accuse the United States of spreading “disinformation.”