Chinese Hacking Campaign Targets US Critical Infrastructure

Uploaded on 2024-02-09 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, TECHNOLOGY--Hackers

China’s offensive cyber activity is moving beyond spying and data theft toward direct attacks on US critical infrastructure, according to  the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency (CISA) which have been widely reported.

Collectively, various US government agencies have disrupted a state-backed Chinese effort to plant malware intended to damage civilian infrastructure. In Particular, the FBI has warned that China is positioning itself to disrupt daily life in America were the US and China ever to engage in direct armed conflict. 

According to the FB, Chinese hacking group Volt Tyhoon is planting malware on network routers and other Internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans, . 

While Russia is known for cyber attacks that cause real-world harm such as targeting Ukrainian power plants China is viewed as far more risk-averse. It’s best known for cyber theft, of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. 

Microsoft has investigated Volt Typhoon and published a report in 2023 in which it concludes that. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.”

At a meeting with reporters in December 2023, a senior NSA official put the issue in starker terms. “They're in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. China is still undertaking those activities, “but this is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something's flaring up in a different part of the world and they don't want us facing the foreign aspects of that,” the NSA official told reporters.

  • FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee  “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. 

“Now, China's hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said. Wray also disclosed that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.

  • CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption.  “The Chinese government got a little bit of a taste of this in the aftermath of the Russian-linked ransomware attack on the Colonial Pipeline in May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn't get to work. 

“They couldn't take their kids to school, get folks to the hospital. It caused a bit of panic. Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can't use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said. 

Easterly remarked that the escalation of hacking operations shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.  

“It is Chinese military doctrine to attempt to induce societal panic in their adversary,” she said. “This is truly an Everything Everywhere, All at Once scenario. And it's one where the Chinese government believes that it will likely crush American will for the US to defend Taiwan in the event of a major conflict there.” she siad.

  • Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect US military operations, describing the potential impact as “significant.” 

“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.  

He remarked that “That is absolutely what we're trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They're going to come back and build new infrastructure. Find new tradecraft.”

US national security leaders believe China is vulnerable to negative public opinion and that diplomatic efforts can be used to persuade Chinese authorities that supporting groups like Volt Typhoon are an unacceptable risk. 

The high level dispute in 2023 over a Chinese spy balloon that drifted over US airspace and was shot down serves to demonstrate that not every event linked to Chinese military activity is a decision made by top leadership. Sometimes commanders undertake entrepreneurial operations and when those cause harm to China's reputation and higher authorities can can intervene to stop such behaviour. 

While China has repeatedly denounced the US government’s hacking allegations as being without foundation, General Nakasone  has said “responsible cyber actors” did not target civilian infrastructure.

Amit Yoran, formerly US National Security Division director and CEO of leading cybersecurity firm Tenable, commented that “This is a sobering warning from the US government’s top cybersecurity leaders about a clear and present danger... We're being told in the strongest possible terms that strategic adversaries are specifically and deliberately going after the vital services that underpin our daily lives...

" Action here needs to be a top priority. We didn’t know, we didn’t expect this, we didn’t take action, are all euphemisms for negligence.”

Microsoft:     FBI:     DefenseOne:    Wired:      Guardian:      WSJ:       CBS:     NBC:    

Image: Wesley Tingey

You Might Also Read:

Britain Removes Chinese Components From The National Grid:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Bolstering Resilience In The Age Of Expanding Threats
Pakistan Mobile Internet Is Cut Off On Election Day »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Simility

Simility

Simility's multi-layered fraud detection solution uses superior machine learning & device intelligence technology to safeguard your online businesses.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

Fend

Fend

Fend secures smart infrastructure. We provide a robust, highly secure way to have situational awareness of IoT enabled assets.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

O'Reilly Media

O'Reilly Media

O’Reilly’s help professionals learn best practices and discover emerging trends that will shape the future of the tech industry.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.