Chinese government-backed hackers are likely pursuing cyber capabilities that could be used to “disrupt critical communications” between the US and the Asia Pacific region in the event of a future US-China crisis, Microsoft warned on Wednesday.
The Chinese hackers have been active since mid-2021 and targeted critical infrastructure organizations in the US territory of Guam and in other parts of the US as part of a stealthy spying and information gathering campaign, Microsoft said in a new report. Organizations targeted by the hackers cover the maritime, transportation, communications, utility and government sectors, among others.
In a separate advisory released Wednesday, the FBI, National Security Agency and other US and Western security agencies said they believe the Chinese hackers could apply the same stealthy techniques against critical sectors “worldwide.”
Beijing hit back against the allegations Thursday, calling them “a collective disinformation campaign of the Five Eyes coalition” – referring to the intelligence sharing grouping made up of the US, Britain, Canada, Australia and New Zealand, whose security agencies jointly issued the advisory.
“The United States is expanding new channels to spread disinformation. This is not the first time, and it will not be the last,” Mao said.
The findings from Microsoft – and subsequent backlash – underscore the key role that cyber operations might play in present and future US-China power competition and territorial disputes in the Pacific.
China has grown increasingly aggressive in the region, including militarizing islands to assert contested claims in the South China Sea, in recent years in what US officials view as alarming expansionism from Beijing.
Microsoft declined to comment beyond its public blog post Wednesday when CNN asked for specific information supporting the tech firm’s conclusion that Chinese hackers were preparing disruptive capabilities for future crises.
China’s Embassy in Washington, DC also disputed the allegations.
“The allegation by the US side that the Chinese government is ‘supporting hacking’ is completely distorting the truth,” embassy spokesman Liu Pengyu said in an email Wednesday night when asked for comment on the Microsoft report.
US officials regularly cite China as the most persistent and prolific government hacking threat facing the US.
Chinese hackers are too frequently going “unidentified and undeterred” in their infiltrations of US organizations, Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said in February.
US officials are also concerned that Chinese hackers have created footholds in Taiwan’s critical infrastructure that Beijing may use to disrupt key services like electricity in the event of a Chinese invasion of Taiwan, a senior US defense official told reporters in March.
The defense official, who spoke on the condition of anonymity, compared the Chinese probing of Taiwanese infrastructure to how Russia previously used its hackers to burrow into Ukrainian’s electric sector. Russian military hackers cut power twice in Ukraine in landmark attacks in 2015 and 2016, according to the US Justice Department and private experts.
“Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect,” said John Hultquist, chief analyst at security firm Mandiant, which is owned by Google. “China has done the same in the past, targeting the oil and gas sector.
“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks,” Hultquist said. The Microsoft report “is a rare opportunity to investigate and prepare for this threat.”
This story has been updated with additional information.
CNN’s Beijing bureau contributed to this report