Delinea's Joseph Carson said the campaign is 'alarming'.
Microsoft has discovered malicious activity by Volt Typhoon, a state-sponsored threat actor based in China, aimed at U.S. critical infrastructure organizations.
The campaign is focused on post-compromise credential access and network system discovery. Volt Typhoon typically focuses on espionage and information gathering.
Volt Typhoon is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises, according to Microsoft.
The threat actor has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, IT and education sectors.
Observed behavior suggests the threat actor intends to perform espionage and maintain access without being detected for as long as possible.