Cybersecurity agencies in the U.S., the U.K., Canada, Australia and New Zealand—an intelligence-sharing group of countries known as the Five Eyes—said a Chinese state-sponsored actor is employing a tactic known as “living off the land,” which involves using built-in network administration tools to gain access to systems. The activity blends in with normal Windows system activities, allowing the actor to evade detection. The campaign is impacting communications, manufacturing, transportation, maritime and other sectors in parts of the U.S. and Guam, the American territory that hosts major military installations in the Pacific, according to a blog post from Microsoft, publisher of the Windows operating system. The tech giant said the Chinese actor, known as Volt Typhoon, is pursuing capabilities that could disrupt communication infrastructure between the U.S. and Asia in a future crisis.

China has consistently denied carrying out cyberattacks and has accused the U.S. of being the biggest culprit of such efforts…By gaining access to a system through the “living off the land” approach—and maintaining that access while remaining undetected—hackers can glean intelligence about how the system operates. It could also give them the ability to disrupt the system later with no warning—though the intent could just be information gathering…

Excerpts from Mike Cherney and Austin Ramzy, Hack Hurts Bid for Beijing Reset, WSJ, May 26, 2023