Cybersecurity agencies from Canada, the U.S., Australia, New Zealand and the U.K., known as the Five Eyes, issued an alert about a cyber attack sponsored by China.
“This Alert is intended for IT professionals and managers of notified organizations,” according to the Canadian Centre for Cyber Security statement,
The 24-page joint advisory said some software and hardware components, like routers, can be affected.
The advisory claims private sector companies identified a hacker group sponsored by China, known as Volt Typhoon, is targeting critical U.S. infrastructure. Tactics include erasing its trail and uses built-in tools for its objectives.
The Chinese government denied the accusations and said the hacker was the U.S., Reuters reported.
Microsoft also issued a statement offering recommendations, including changing passwords and using multi-factor authentication, to protect network systems.
Volt Typhoon attack diagram by Microsoft, from May 24, 2023. Photo credit: Microsoft / www.microsoft.com
Professor of international relations and political science in the University of Toronto Aurel Braun said the involvement of the Five Eyes means it is broad attack and not aimed at specific cyber infrastructures.
“This is important, particularly for the United States, because they don’t want this to be seen just as some kind of bilateral dispute,” Braun said.
Professor of International Relations and political science university of Toronto and Associate of Davis Center at Harvard University Aurel Braun, on May 2025, 2023. Photo credit: Antonio Peláez Barceló
Braun, who’s also an associate at Davis Center at Harvard University, said the Chinese reaction by saying the U.S. is the hacker in this case is known in psychology as projection. It’s been a diplomatic tactic used since the Soviet Union.
“Should we do something about it? We should’ve done it yesterday,” he said.
In addition, he said Canada and the U.S. should apply tactics applied by Estonia, which created “sort of cyber SWAT teams which can go in…and they have developed a huge number of skills of how to defend against cyber attacks.”
Braun said Canada has to protect important assets such as its electrical network, which is susceptible.
“We need to have the capacity to also inflict a cyber damage to them,” he said.
Associate Dean of Continuous Professional Learning at Humber College Francis Syms said nothing is free and people should be careful about giving their data on the internet.
Syms, who’s also professor of cybersecurity, said that every 39 seconds there is a cyber attack and around 98 per cent of them are based on social engineering, which is “effectively tricking somebody to do something they shouldn’t when it comes to cybersecurity.”
Francis Syms, Associate Dean of Continuous Professional Learning at Humber, professor of cybersecurity and founder of The Joule Group. Photo credit: Francis Syms
The reasons for an attack like the one reported by the Five Eyes include surveillance, disruption, and a monetary gain, he said.
Both Braun and Syms warned about the use of Chinese technology, including platforms like TikTok.
“In China, the government passed a law several years ago that if there’s any national security threat or perceived threat, the government can seize records from any Chinese company at any time,” Syms said.