Chinese Hacking Campaign Targets US Critical Infrastructure

Uploaded on 2024-02-09 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, TECHNOLOGY--Hackers

China’s offensive cyber activity is moving beyond spying and data theft toward direct attacks on US critical infrastructure, according to  the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency (CISA) which have been widely reported.

Collectively, various US government agencies have disrupted a state-backed Chinese effort to plant malware intended to damage civilian infrastructure. In Particular, the FBI has warned that China is positioning itself to disrupt daily life in America were the US and China ever to engage in direct armed conflict. 

According to the FB, Chinese hacking group Volt Tyhoon is planting malware on network routers and other Internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans, . 

While Russia is known for cyber attacks that cause real-world harm such as targeting Ukrainian power plants China is viewed as far more risk-averse. It’s best known for cyber theft, of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. 

Microsoft has investigated Volt Typhoon and published a report in 2023 in which it concludes that. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.”

At a meeting with reporters in December 2023, a senior NSA official put the issue in starker terms. “They're in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. China is still undertaking those activities, “but this is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something's flaring up in a different part of the world and they don't want us facing the foreign aspects of that,” the NSA official told reporters.

  • FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee  “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. 

“Now, China's hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said. Wray also disclosed that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.

  • CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption.  “The Chinese government got a little bit of a taste of this in the aftermath of the Russian-linked ransomware attack on the Colonial Pipeline in May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn't get to work. 

“They couldn't take their kids to school, get folks to the hospital. It caused a bit of panic. Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can't use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said. 

Easterly remarked that the escalation of hacking operations shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.  

“It is Chinese military doctrine to attempt to induce societal panic in their adversary,” she said. “This is truly an Everything Everywhere, All at Once scenario. And it's one where the Chinese government believes that it will likely crush American will for the US to defend Taiwan in the event of a major conflict there.” she siad.

  • Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect US military operations, describing the potential impact as “significant.” 

“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.  

He remarked that “That is absolutely what we're trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They're going to come back and build new infrastructure. Find new tradecraft.”

US national security leaders believe China is vulnerable to negative public opinion and that diplomatic efforts can be used to persuade Chinese authorities that supporting groups like Volt Typhoon are an unacceptable risk. 

The high level dispute in 2023 over a Chinese spy balloon that drifted over US airspace and was shot down serves to demonstrate that not every event linked to Chinese military activity is a decision made by top leadership. Sometimes commanders undertake entrepreneurial operations and when those cause harm to China's reputation and higher authorities can can intervene to stop such behaviour. 

While China has repeatedly denounced the US government’s hacking allegations as being without foundation, General Nakasone  has said “responsible cyber actors” did not target civilian infrastructure.

Amit Yoran, formerly US National Security Division director and CEO of leading cybersecurity firm Tenable, commented that “This is a sobering warning from the US government’s top cybersecurity leaders about a clear and present danger... We're being told in the strongest possible terms that strategic adversaries are specifically and deliberately going after the vital services that underpin our daily lives...

" Action here needs to be a top priority. We didn’t know, we didn’t expect this, we didn’t take action, are all euphemisms for negligence.”

Microsoft:     FBI:     DefenseOne:    Wired:      Guardian:      WSJ:       CBS:     NBC:    

Image: Wesley Tingey

You Might Also Read:

Britain Removes Chinese Components From The National Grid:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Bolstering Resilience In The Age Of Expanding Threats
Pakistan Mobile Internet Is Cut Off On Election Day »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Careers in Cyber Security (CiCS)

Careers in Cyber Security (CiCS)

CareersinCyberSecurity is a leading global job board and career resource for Cyber Security, IT Audit, Technology Risk and Data Protection professionals.

SIGA

SIGA

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company.

Six Degrees Group

Six Degrees Group

Six Degrees is a specialist managed IT services organisation offering a range of solutions including Managed Security Services.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

ubirch

ubirch

The ubirch platform is designed to ensure that IoT data is trustworthy and secure.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

CyberCyte

CyberCyte

CyberCyte provides a disruptive built-in integrated physical, network and perimeter security solution framework.

Internet Security Research Group (ISRG)

Internet Security Research Group (ISRG)

ISRG's mission is to reduce financial, technological, and educational barriers to secure communication over the Internet.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Cyber Suraksa

Cyber Suraksa

We make security simple and hassle-free by offering a sustained and secure IT environment with next-gen cybersecurity solutions through a scalable security-as-a-service model.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

Coastline Cybersecurity

Coastline Cybersecurity

Coastline Cyber is a cybersecurity consulting firm dedicated to helping organizations strengthen their security posture by reducing risks, mitigating threats, and protecting against attacks.