China’s Volt Typhoon Hackers Infiltrate US Infrastructure in Cyberespionage Campaign


Report: Chinese Hackers Penetrated over Two Dozen Critical U.S. Infrastructure Systems

Concerns about China’s cyber-warfare assault on U.S. infrastructure have been justified, according to a report by The Washington Post. Hackers linked to the People’s Liberation Army (PLA) have successfully infiltrated the computer systems of more than two dozen critical entities in the past year, including a Hawaiian water utility, a port on the West Coast, an oil and gas pipeline, and the company operating the power grid for the state of Texas.

The attacks, part of a campaign named Volt Typhoon by U.S. government cybersecurity experts, did not result in any damage or major disruptions. However, experts believe the purpose of these infiltrations was not immediate damage, but rather reconnaissance. They suspect the hackers were testing U.S. responses and laying the groundwork for potential future cyberattacks, particularly in the event of a significant U.S.-China conflict, such as a battle for Taiwan.

Brandon Wales, the executive director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), said, “It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict.” Wales added that the intention may be to prevent the United States from projecting power into Asia or to create societal chaos within the United States.

The hackers behind Volt Typhoon were highly strategic, prioritizing evasion and hiding their location. Joe McReynolds of the Jamestown Foundation described their approach as building tunnels into U.S. infrastructure, which they could later use for attacks. McReynolds explained that the hackers would carry out reconnaissance and attempt to infiltrate more critical companies and targets upstream. They would then switch from reconnaissance to attack if instructed to do so.

Cybersecurity experts expressed alarm at the intensity of Volt Typhoon activity around Hawaii, where the U.S. Pacific Fleet is based. Guam, the closest U.S. territory to Taiwan, also experienced a significant infiltration. The stealthy tactics used by the hackers suggest they were focused on preparing for future serious attacks, rather than seeking attention through their actions.

Fortunately, many of the Volt Typhoon targets were smaller companies not directly connected to vital infrastructure. This indicates that the hackers were opportunistic, pursuing easy targets rather than directly attacking crucial systems.

President Joe Biden was expected to discuss China’s hacking campaign during his recent meeting with Xi Jinping in San Francisco. However, for unknown reasons, Biden chose not to raise the subject.

According to Microsoft Threat Intelligence, the culprits behind Volt Typhoon are a state-sponsored actor based in China, known for espionage and gathering information. Microsoft noted that the campaign began in mid-2021, with Guam’s critical infrastructure among the earliest targets. The hackers targeted a wide range of sectors, including communications, manufacturing, utilities, transportation, government, and education.

The hackers employed a “living off the land” strategy, involving stealing valid security credentials and disguising malicious code as normal software to remain undetected within targeted systems. Microsoft highlighted the hackers’ skill in blending their communications with viral code into normal network traffic to avoid detection.

The Cybersecurity and Infrastructure Security Agency (CISA) released an advisory in May about Volt Typhoon and its tactics. They provided tips for detecting the Chinese malware, with many intrusions eventually being detected by identifying subtle anomalous patterns in network activity.

John Hultquist, chief analyst for cybersecurity firm Mandiant Intelligence, warned that Volt Typhoon was larger and more dangerous than initially believed. He described it as a deliberate, long-term attempt to infiltrate critical infrastructure while staying below the radar. Hultquist concurred with National Security Agency (NSA) analysts who believed the hackers were preparing for disruptive events in the event of a wartime scenario.

The activity of Volt Typhoon represents a significant concern for U.S. cybersecurity, given the hackers’ efforts to remain undetected and their focus on critical infrastructure targets. As the U.S. continues to grapple with cyber threats from China, experts emphasize the need to enhance defense measures and strengthen cybersecurity protocols to protect vital systems from potential future attacks.

In conclusion, China’s hackers have successfully breached multiple critical U.S. infrastructure systems, raising concerns about potential future cyberattacks. The Volt Typhoon campaign, carried out by hackers linked to the People’s Liberation Army, focused on reconnaissance and laying the groundwork for potential disruptive events in the event of a U.S.-China conflict. While no immediate damage occurred, experts warn that the hackers’ infiltration should not be underestimated. The U.S. must prioritize cybersecurity to safeguard vital infrastructure and protect against future attacks.

Neha Sharma
Neha Sharma is a tech-savvy author at The Reportify who delves into the ever-evolving world of technology. With her expertise in the latest gadgets, innovations, and tech trends, Neha keeps you informed about all things tech in the Technology category. She can be reached at neha@thereportify.com for any inquiries or further information.
