Chinese Hacking Campaign Targets US Critical Infrastructure

China’s offensive cyber activity is moving beyond spying and data theft toward direct attacks on US critical infrastructure, according to  the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency (CISA) which have been widely reported.

Collectively, various US government agencies have disrupted a state-backed Chinese effort to plant malware intended to damage civilian infrastructure. In Particular, the FBI has warned that China is positioning itself to disrupt daily life in America were the US and China ever to engage in direct armed conflict. 

According to the FB, Chinese hacking group Volt Tyhoon is planting malware on network routers and other Internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans, . 

While Russia is known for cyber attacks that cause real-world harm such as targeting Ukrainian power plants China is viewed as far more risk-averse. It’s best known for cyber theft, of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. 

Microsoft has investigated Volt Typhoon and published a report in 2023 in which it concludes that. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.”

At a meeting with reporters in December 2023, a senior NSA official put the issue in starker terms. “They're in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. China is still undertaking those activities, “but this is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something's flaring up in a different part of the world and they don't want us facing the foreign aspects of that,” the NSA official told reporters.

  • FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee  “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. 

“Now, China's hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said. Wray also disclosed that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.

  • CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption.  “The Chinese government got a little bit of a taste of this in the aftermath of the Russian-linked ransomware attack on the Colonial Pipeline in May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn't get to work. 

“They couldn't take their kids to school, get folks to the hospital. It caused a bit of panic. Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can't use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said. 

Easterly remarked that the escalation of hacking operations shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.  

“It is Chinese military doctrine to attempt to induce societal panic in their adversary,” she said. “This is truly an Everything Everywhere, All at Once scenario. And it's one where the Chinese government believes that it will likely crush American will for the US to defend Taiwan in the event of a major conflict there.” she siad.

  • Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect US military operations, describing the potential impact as “significant.” 

“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.  

He remarked that “That is absolutely what we're trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They're going to come back and build new infrastructure. Find new tradecraft.”

US national security leaders believe China is vulnerable to negative public opinion and that diplomatic efforts can be used to persuade Chinese authorities that supporting groups like Volt Typhoon are an unacceptable risk. 

The high level dispute in 2023 over a Chinese spy balloon that drifted over US airspace and was shot down serves to demonstrate that not every event linked to Chinese military activity is a decision made by top leadership. Sometimes commanders undertake entrepreneurial operations and when those cause harm to China's reputation and higher authorities can can intervene to stop such behaviour. 

While China has repeatedly denounced the US government’s hacking allegations as being without foundation, General Nakasone  has said “responsible cyber actors” did not target civilian infrastructure.

Amit Yoran, formerly US National Security Division director and CEO of leading cybersecurity firm Tenable, commented that “This is a sobering warning from the US government’s top cybersecurity leaders about a clear and present danger... We're being told in the strongest possible terms that strategic adversaries are specifically and deliberately going after the vital services that underpin our daily lives...

" Action here needs to be a top priority. We didn’t know, we didn’t expect this, we didn’t take action, are all euphemisms for negligence.”

Microsoft:     FBI:     DefenseOne:    Wired:      Guardian:      WSJ:       CBS:     NBC:    

Image: Wesley Tingey

You Might Also Read:

Britain Removes Chinese Components From The National Grid:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Bolstering Resilience In The Age Of Expanding Threats
Pakistan Mobile Internet Is Cut Off On Election Day »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

European Business Reliance Centre (EBRC)

European Business Reliance Centre (EBRC)

EBRC is a leader in integrated Data Center, Cloud and Managed Services and a Centre of Excellence in Europe in the Management of Sensitive Information.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

World Informatix Cyber Security (WICS)

World Informatix Cyber Security (WICS)

World Informatix Cyber Security provides a range of cyber security services to protect valuable information assets to global business and governments.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

Bedrock Systems

Bedrock Systems

BedRock Systems is on a mission to deliver a trusted computing base from edge to cloud, where safety and security isn’t just a perception, it’s a formally proven reality.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Telarus

Telarus

Telarus is a Technology Services Brokerage that holds contracts with the world's leading cloud voice, contact center, cybersecurity, mobility and IoT providers.

Somos

Somos

From voice to messaging to fraud prevention and beyond, Somos are committed to developing innovative solutions that ensure that our ability to maintain trustworthy connections never stops.