While Chinese hackers are known to spy on Western countries, this is one of the largest known cyber-espionage campaigns against American critical infrastructure. Photo illustration: Reuters

Chinese hacking group spying on US critical infrastructure, Western intelligence agencies say

  • The state-sponsored Volt Typhoon group has been targeting everything from telecoms to transport hubs, as well as the island territory of Guam, Microsoft says
  • The US National Security Agency is working with Canada, New Zealand, Australia, and the UK, as well as the FBI and others to identify breaches

A state-sponsored Chinese hacking group has been spying on a wide range of US critical infrastructure organisations, from telecommunications to transport hubs, Western intelligence agencies and Microsoft said on Wednesday.

The espionage has also targeted the US island territory of Guam, home to strategically important American military bases, Microsoft said in a report, adding “mitigating this attack could be challenging”.

It was not immediately clear how many organisations were affected, but the US National Security Agency (NSA) said it was working with partners including Canada, New Zealand, Australia, and the UK, as well as the US Federal Bureau of Investigation to identify breaches.

While Chinese hackers are known to spy on Western countries, this is one of the largest known cyber-espionage campaigns against American critical infrastructure.

“A PRC (People’s Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,” NSA Cybersecurity Director Rob Joyce said in a statement.

Such “living off the land” spy techniques are harder to detect as they use “capabilities already built into critical infrastructure environments,” he added.

The Chinese embassy in Washington did not immediately respond to a Reuters request for comment.

Microsoft said the Chinese group, which it dubbed “Volt Typhoon”, has been active since at least 2021 and has targeted a number of industries including communications, manufacturing, utility, transport, construction, maritime, government, information technology, and education.

As opposed to using traditional hacking techniques, which often involve tricking a victim into downloading malicious files, Microsoft said this group infects a victim’s existing systems to find information and extract data.

Analysts assessed with “moderate confidence” that this Chinese campaign was developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises, Microsoft added.

Guam is home to US military facilities that would be key to responding to any conflict in the Asia-Pacific region.

Canada’s cybersecurity agency separately said it had no reports of Canadian victims of this hacking as yet. “However, western economies are deeply interconnected,” it added. “Much of our infrastructure is closely integrated and an attack on one can impact the other.”

The UK similarly warned the techniques used by the Chinese hackers on US networks could be applied worldwide.
