A Chinese-sponsored hacking campaign targeting critical infrastructure in Guam and other locations within the United States is “of real concern,” Microsoft president Brad Smith warned.
Microsoft revealed the hacking operation, code-named “Volt Typhoon,” on Wednesday, saying it could disrupt communications between the U.S. and Asia during a future potential conflict. The operation has been active for about two years.
“What we found was what we think of as network intrusions, the prepositioning of code. It’s something that we’ve seen in terms of activity before,” Smith said in an interview with “Face the Nation.” “This does represent the focus on critical infrastructure in particular, and that’s obviously of real concern.”
Microsoft said Wednesday it had not detected any offensive attacks from the operation, but noted that Chinese intelligence and military hackers generally focus on espionage and the collection of information rather than destruction.
Smith declined to give specifics on how the operation had come to light, and whether it was Microsoft that alerted U.S. spy agencies to the operation.
“I don’t want to go too deep into that,” he said. “We certainly have found a good deal of this ourselves. I don’t think we’re the only ones that have been looking. We do share information, as you would expect. I don’t know that we’re the only ones who have found it either.
“The good news is we have a pretty broad-based ability, not just as a company, but as an industry and a country to detect this kind of activity,” he added.
The New York Times reported that U.S. intelligence agencies uncovered the malware in February, around the same time the U.S. shot down a Chinese spy balloon. The malware appearing in telecommunications systems in Guam and elsewhere in the U.S. reportedly alarmed U.S. officials because of the critical role Guam would play in the U.S. military response to China’s potential invasion of Taiwan.
Smith said making the operation public is important to educating the affected sectors, and also to holding the perpetrators accountable.
“I do think we live in a world where, frankly, there needs to be some level of accountability for anyone that is engaged in activity that forms this kind of threat or danger,” Smith said. “And so there is a need for public transparency in that vein as well.”