Chinese Hacking Campaign Targets US Critical Infrastructure

China’s offensive cyber activity is moving beyond spying and data theft toward direct attacks on US critical infrastructure, according to  the directors of the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency (CISA) which have been widely reported.

Collectively, various US government agencies have disrupted a state-backed Chinese effort to plant malware intended to damage civilian infrastructure. In Particular, the FBI has warned that China is positioning itself to disrupt daily life in America were the US and China ever to engage in direct armed conflict. 

According to the FB, Chinese hacking group Volt Tyhoon is planting malware on network routers and other Internet-connected devices that, if triggered, could disrupt water, power, and rail services, possibly causing widespread chaos or even injuring and killing Americans, . 

While Russia is known for cyber attacks that cause real-world harm such as targeting Ukrainian power plants China is viewed as far more risk-averse. It’s best known for cyber theft, of intellectual property or government information, such as the Office of Personnel Management hack uncovered in 2015. 

Microsoft has investigated Volt Typhoon and published a report in 2023 in which it concludes that. “Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States... The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.”

At a meeting with reporters in December 2023, a senior NSA official put the issue in starker terms. “They're in places that they are not there for intelligence purposes. They are not there for financial gain. Those are two hallmarks of Chinese intrusions in other sets and other lanes,” the official said. China is still undertaking those activities, “but this is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on, you know, a domestic incident at a time when something's flaring up in a different part of the world and they don't want us facing the foreign aspects of that,” the NSA official told reporters.

  • FBI Director Christopher Wray underscored the seriousness to lawmakers on the House Select Committee  “There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems, and the risk that poses to every American requires our attention. 

“Now, China's hackers are positioning on American infrastructure, in preparation to wreak havoc and cause real-world harm to American citizens and communities,” Wray said. Wray also disclosed that the FBI, working with other partners, had identified “hundreds of routers that had been taken over” by the group.

  • CISA chief Jen Easterly told lawmakers that a cyber attack on infrastructure could cause massive disruption.  “The Chinese government got a little bit of a taste of this in the aftermath of the Russian-linked ransomware attack on the Colonial Pipeline in May of 2021, that shut down gas to the Eastern Seaboard for several days. Americans couldn't get to work. 

“They couldn't take their kids to school, get folks to the hospital. It caused a bit of panic. Now, imagine that on a massive scale. Imagine not one pipeline, but many pipelines disrupted. Telecommunications going down so people can't use their cell phone. People start getting sick from polluted water. Trains get derailed, air traffic control systems, port control systems are malfunctioning,” she said. 

Easterly remarked that the escalation of hacking operations shows that China is preparing the digital landscape for possible military activity, a huge leap from simple espionage and data theft.  

“It is Chinese military doctrine to attempt to induce societal panic in their adversary,” she said. “This is truly an Everything Everywhere, All at Once scenario. And it's one where the Chinese government believes that it will likely crush American will for the US to defend Taiwan in the event of a major conflict there.” she siad.

  • Gen. Paul Nakasone, the outgoing head of the NSA, told lawmakers that the targeting of critical infrastructure on Guam could affect US military operations, describing the potential impact as “significant.” 

“We need to provide a series of different options that our commander in the Indo-Pacific region would want to respond with communications and ability to be able to leverage our most lethal weapon systems,” Nakasone said.  

He remarked that “That is absolutely what we're trying to address. You can take away Volt Typhoon infrastructure, you can take away some of their tradecraft, but…they have a military need to do these things. They're going to come back and build new infrastructure. Find new tradecraft.”

US national security leaders believe China is vulnerable to negative public opinion and that diplomatic efforts can be used to persuade Chinese authorities that supporting groups like Volt Typhoon are an unacceptable risk. 

The high level dispute in 2023 over a Chinese spy balloon that drifted over US airspace and was shot down serves to demonstrate that not every event linked to Chinese military activity is a decision made by top leadership. Sometimes commanders undertake entrepreneurial operations and when those cause harm to China's reputation and higher authorities can can intervene to stop such behaviour. 

While China has repeatedly denounced the US government’s hacking allegations as being without foundation, General Nakasone  has said “responsible cyber actors” did not target civilian infrastructure.

Amit Yoran, formerly US National Security Division director and CEO of leading cybersecurity firm Tenable, commented that “This is a sobering warning from the US government’s top cybersecurity leaders about a clear and present danger... We're being told in the strongest possible terms that strategic adversaries are specifically and deliberately going after the vital services that underpin our daily lives...

" Action here needs to be a top priority. We didn’t know, we didn’t expect this, we didn’t take action, are all euphemisms for negligence.”

Microsoft:     FBI:     DefenseOne:    Wired:      Guardian:      WSJ:       CBS:     NBC:    

Image: Wesley Tingey

You Might Also Read:

Britain Removes Chinese Components From The National Grid:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Bolstering Resilience In The Age Of Expanding Threats
Pakistan Mobile Internet Is Cut Off On Election Day »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ACME Communications

ACME Communications

ACME Communications specialises in the field of data centre, implementation, maintenance & operation and all aspects of other IT service.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

ADL Process

ADL Process

ADL Process offer secure data destruction, certified product destruction and responsible electronics recycling services to businesses and institutions.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

C3i Hub

C3i Hub

C3i Hub aims to address the issue of cyber security of cyber physical systems in its entirety, from analysing security vulnerabilities to developing tools and technologies.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Ridge Security

Ridge Security

Ridge Security enables enterprise and web application teams, ISVs, governments, education, DevOps, anyone responsible for ensuring software security to affordably and efficiently test their systems.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Teal Technology Consulting

Teal Technology Consulting

TEAL Technology Consulting is your trusted advisor for all your information security needs.