2 min read

How Microsoft Outed the Chinese Communist Party

The power of disclosure.

If the increasingly totalitarian Chinese Community Party (CCP) has a superpower, it is this: Xi and crew make untouchable men feel vulnerable.

From professional sports to corporate America, public cowardice is so prevalent[1] that small acts of defiance are worth celebrating. Here is one example.

Planning for future crises

The lingering questions related to critical infrastructure risk, a topic I have covered for years, are always related to attribution: who were the attackers, who sponsored the attackers, and so on.

Microsoft's recently released report does not have this problem. The report, detailing a sophisticated attack on critical infrastructure in the United States, opens by identifying both the sponsor (CCP) and the attacker (Volt Typhoon).

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.

It then describes the duration and scope of the CCP-sponsored attack.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

And, in a line that sends the mind reeling, reveals when Xi would exploit those vulnerabilities.

Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Why naming names works

To its credit, Microsoft did not equivocate or hide behind weasel words despite what is sure to be a harsh CCP response. Quite the opposite, identifying the CCP early [2] and throughout.

And by going public, Microsoft forced the world's superpowers to respond and guaranteed Volt Typhoon became a permanent entry in the public record.

  1. A direct response from the U.S. government.

A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind. That makes it imperative for us to work together to find and remove the actor from our critical networks.

  1. A less-direct response from the Chinese government.

On Thursday, the Chinese foreign ministry hit back at the allegations, saying they “lacked evidence” and accused the US of being a “hacker empire”. They added that “the involvement of certain companies” in the warning “shows that the US is expanding channels for disseminating false information”.

Both responses are noteworthy because, once in the wild, formal government statements cannot be ignored, debated, or called into question.

Allies matter

What is a belief shared by history's great Jesuits, titans, and spies[3]?

The battle-tested truth that, now and always, allies matter.


5eyesblog


  1. This site's archive is filled with back-handed realizations of many ambitious men. ↩︎

  2. The righteous never bury the lede. ↩︎

  3. The Five Eyes alliance – a deeply integrated partnership between U.S., Canada, Australia, New Zealand, and U.K intelligence – were quick to follow Microsoft's lead with an advisory that ... named names. ↩︎