Chinese Hacking Campaign Targets US Critical Infrastructure

China’s offensive cyber activity is moving beyond spying and data theft toward direct attacks on US critical infrastructure, according to widely reported statements by the directors of the FBI, the NSA, and the Cybersecurity and Infrastructure Security Agency (CISA).

Collectively, various US government agencies have disrupted a state-backed Chinese effort to plant malware intended to damage civilian infrastructure. In particular, the FBI has warned that China is positioning itself to disrupt daily life in America were the US and China ever to engage in direct armed conflict.

According to the FBI, the Chinese hacking group Volt Typhoon is planting malware on network routers and other Internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans.

While Russia is known for cyber attacks that cause real-world harm, such as those targeting Ukrainian power plants, China is viewed as far more risk-averse. It is best known for cyber theft of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015.

Microsoft investigated Volt Typhoon and published a report in 2023 which concludes: “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.”

At a meeting with reporters in December 2023, a senior NSA official put the issue in starker terms. “They're in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. China is still undertaking those activities, “but this is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something's flaring up in a different part of the world and they don't want us facing the foreign aspects of that,” the NSA official told reporters.

  • FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee: “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention.

“Now, China's hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said. Wray also disclosed that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.

  • CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption: “The Chinese government got a little bit of a taste of this in the aftermath of the Russian-linked ransomware attack on the Colonial Pipeline in May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn't get to work.

“They couldn't take their kids to school, get folks to the hospital. It caused a bit of panic. Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can't use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said. 

Easterly remarked that the escalation of hacking operations shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.

“It is Chinese military doctrine to attempt to induce societal panic in their adversary,” she said. “This is truly an Everything Everywhere, All at Once scenario. And it's one where the Chinese government believes that it will likely crush American will for the US to defend Taiwan in the event of a major conflict there.”

  • Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect US military operations, describing the potential impact as “significant.” 

“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.  

He remarked: “That is absolutely what we're trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They're going to come back and build new infrastructure. Find new tradecraft.”

US national security leaders believe China is vulnerable to negative public opinion and that diplomatic efforts can be used to persuade Chinese authorities that supporting groups like Volt Typhoon is an unacceptable risk.

The high-level dispute in 2023 over a Chinese spy balloon that drifted over US airspace and was shot down serves to demonstrate that not every event linked to Chinese military activity is a decision made by top leadership. Sometimes commanders undertake entrepreneurial operations, and when those cause harm to China's reputation, higher authorities can intervene to stop such behaviour.

While China has repeatedly denounced the US government’s hacking allegations as being without foundation, General Nakasone has said “responsible cyber actors” did not target civilian infrastructure.

Amit Yoran, formerly US National Security Division director and CEO of leading cybersecurity firm Tenable, commented that “This is a sobering warning from the US government’s top cybersecurity leaders about a clear and present danger... We're being told in the strongest possible terms that strategic adversaries are specifically and deliberately going after the vital services that underpin our daily lives...

“Action here needs to be a top priority. We didn’t know, we didn’t expect this, we didn’t take action, are all euphemisms for negligence.”

Sources: Microsoft, FBI, DefenseOne, Wired, Guardian, WSJ, CBS, NBC

Image: Wesley Tingey
