Microsoft sounds alarm on cyberspy group now targeting critical US infrastructure

Microsoft has issued a threat alert for a foreign government-linked cyber spy group currently targeting critical United States infrastructure.

TL;DR: Microsoft Threat Intelligence reports that a Chinese espionage group, Storm-0227, is targeting critical US infrastructure, including telecommunications, financial, and legal sectors. Active since January, the group exploits security vulnerabilities and uses spear-phishing to deploy SparkRAT for data extraction. The attacks have increased significantly, posing a persistent threat.

Microsoft Threat Intelligence has warned that a Chinese government espionage hacking group is targeting critical US infrastructure, such as telecommunications networks, financial and legal services industries, and government and non-government agencies.


Sherrod DeGrippo, the director of threat intelligence strategy at Microsoft, spoke with The Register, saying the new group Microsoft is tracking under the moniker "Storm-0227" was targeting critical US infrastructure as recently as yesterday. DeGrippo says the group has been active since January but didn't give its total number of victims. Notably, DeGrippo said the group's members have some overlap with Silk Typhoon, a notorious Chinese government-affiliated hacking group known for targeting healthcare, law firms, higher education, defense contractors, and non-governmental organizations.

Furthermore, over the past 12 months, Microsoft has seen a significant increase in the frequency of attacks by Chinese hacking groups. As for how the hacking is done, The Register reports Storm-0227 typically infiltrates a system by exploiting security vulnerabilities in public-facing applications and by sending spear-phishing emails that contain malicious links or attachments. The objective of Storm-0227 is to get a victim to open a document that automatically downloads SparkRAT, an open-source remote administration tool that gives the controller administrative access to the machine.

"If you have the email communications that go with that file, and reference that file, and talk about what the point of it is, and why they're using it, what it means, and why I'm sending this to you - it gives a richness to the intelligence gathering that the threat actor is doing," she said.

Once a machine is infiltrated, the hacking group begins scraping any valuable data, such as credentials to cloud applications, documents, passwords, financial records, etc.

"They're a significant threat, particularly because they really do embody the activity of persistence," DeGrippo said. "China continues to focus on these kinds of targets. They're pulling out files that are of espionage value, communications that are contextual espionage value to those files, and looking at US interests."


Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.
