State-sponsored hackers from China have been targeting U.S. critical infrastructure, cybersecurity officials from around the world, including Canada, warned Wednesday (May 24) in a co-ordinated effort to root out the perpetrators.

The Canadian Centre for Cyber Security was just one of several international agencies, all of them part of the Five Eyes intelligence alliance, that took part in amplifying the alert issued by the U.S. National Security Agency.

The discovery of what the NSA described as 鈥渋ndicators of compromise鈥� was first made by Microsoft and attributed to Volt Typhoon, a Chinese state actor that the company said has been active since mid-2021.

Volt Typhoon 鈥渢ypically focuses on espionage and information gathering,鈥� the software giant warned in its own threat assessment.

鈥淢icrosoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.鈥�

Rob Joyce, the director of cybersecurity for the NSA, described the style of attack as 鈥渓iving off the land鈥� 鈥� using existing network tools and valid credentials to better avoid detection.

鈥淎 (People鈥檚 Republic of China) state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind,鈥� Joyce said in a statement.

鈥淭hat makes it imperative for us to work together to find and remove the actor from our critical networks.鈥�

The Microsoft report describes stealth as one of the interloper鈥檚 key goals in order to maintain access to the target network, which is why it relies on existing administrative tools and 鈥渉ands-on-keyboard鈥� activity to avoid detection.

鈥淚n addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware.鈥�

Microsoft said Volt Typhoon has already targeted infrastructure facilities around the U.S., including in Guam, where the U.S. maintains an air force base and naval port, both of which are central elements of its military presence in the Pacific Ocean.

Pentagon officials also believe Guam and its military installations were among the principal targets of the Chinese spy balloon that was shot down in February after a week of drifting through North American airspace.

Canadian officials say there have been no reports of any systems inside Canada being targeted.

鈥淭he Canadian Centre for Cyber Security joins its international partners in sharing this newly identified threat and accompanying mitigation measures with critical infrastructure sectors,鈥� agency head Sami Khoury said in a statement.

鈥淭he interconnected nature of our infrastructures and economies highlights the importance of working together with our allies to identify and share real-time threat information.鈥�

Other agencies taking part in Wednesday鈥檚 announcement included the U.S. Cybersecurity and Infrastructure Security Agency, the FBI and cybersecurity agencies in Australia, New Zealand and the U.K.

鈥淔or years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe,鈥� said CISA director Jen Easterly.

鈥�(Wednesday鈥檚) advisory, put out in conjunction with our U.S. and international partners, reflects how China is using highly sophisticated means to target our nation鈥檚 critical infrastructure.鈥�

James McCarten, The Canadian Press

Like us on and follow us on .