Hidden Chinese Hackers Lie in Wait
A new cybersecurity report has revealed that Chinese attempts to target US infrastructure have continued for half a decade in order to prepare for the possibility of war.
Federal officials have confirmed that China has positioned hackers within United States infrastructure systems for the last five years in the event the two countries go to war, so that China can wreak havoc on the American energy grid. A new public cybersecurity warning report was made public on Wednesday, and it details the work of six US agencies, as well as allied cybersecurity and intelligence agencies from Australia, Canada, New Zealand and the U.K.
The report confirms that the People’s Republic of China (PRC) state-sponsored hackers, specifically the group known as "Volt Typhoon,” have infiltrated critical infrastructure, “primarily in Communications, Energy, Transportation Systems, and Waste and Wastewater Systems Sectors — in the continental and non-continental United States and its territories.”
The US government has launched a counter operation in recent months to combat the Volt Typhoon hacking operation, which is comprised of thousands of internet-connected devices. The Justice Department and Federal Bureau of Investigation has recently sought and received legal authorization to remotely disable aspects of the Volt Typhoon infiltration campaign.
While the hacking was initially exposed to government officials in May 2023, the scope of the operation continued to expand into late last year, eventually changing some of the techniques that were used to gain access to US systems. The increased activity led to a series of meetings between the White House and the private technology community, including several telecommunications and cloud computing companies, where the US government was able to coordinate a plan to track the breached activity.
United States agency officials have been openly warning of Chinese hackers quietly gaining access to US infrastructure for the past year, and have predicted that any major conflict between the countries could escalate into a very serious cyberattack from China. One of the more notable issues that concerned officials overseeing this project, was the announcement by President Joe Biden in September of 2022, that the United States military would be forced to defend Taiwan if China invaded — which drew criticism from Beijing as a violation of longstanding US policy.
One of the more insidious aspects of the Chinese strategy is how hackers are able to remain invisible throughout the process, which makes it nearly impossible for private owners of infrastructure companies to even know their systems have been compromised. This report details the ongoing success by China, and has now publicly confirmed that the PRC has had access for years without being noticed.
Remotely controlled hacking systems, known as botnets, are a collection of Internet-connected devices, that include computers, smartphones or Internet of things (IoT) devices, where security has been breached and control ceded to a third party. These systems are causing mounting concern for security officials because this method limits the ability to detect foreign footprints in their computer networks. Botnets are used by both friendly and unfriendly hackers to quickly target mass victims simultaneously or to hide identity.
"How it works is the Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP (internet service provider) and then using that destination to route their intrusions into the real target," said a former official familiar with the matter. "To the IT team at the downstream target it just looks like a normal, native user that's sitting nearby."
The United States is not known to typically condemn other nations for conducting cyber espionage, as America itself does not deny engaging in that practice. However, this latest report focuses on the inconsistencies found in Chinese hacking within the US in the last several years, and has determined that the “choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations.” The potential for Chinese hackers to use this network access to create “potential geopolitical tensions and/or military conflicts” is high.
In an emailed statement about Wednesday’s report, the spokesperson for China’s embassy in Washington, Liu Pengyu, continued to deny hacking allegations, saying that “China does not encourage, support or condone attacks launched by hackers.” FBI Director Christopher Wray explained in his testimony before Congress last week that the ongoing hacking campaigns show how “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”
For more on this issue please read:
Amee Vanderpool writes the SHERO Newsletter, is an attorney, published author, contributor to newspapers and magazines, and an analyst for BBC radio. She can be reached at avanderpool@gmail.com or follow her on Twitter @girlsreallyrule.
Paid subscriptions and one-time tributes embedded in each article allow me to keep publishing critical and informative work that is sometimes made available to the public — thank you. If you like this piece and want to support independent journalism further, you can forward this article to others, get a paid subscription or gift subscription, or donate as much as you like today.
Well, that's fantastic. Something else to trigger my free-floating anxiety............
Hopefully, we're doing more than disabling "certain aspects" of the ongoing hacks. Once upon a time we a clearly communicated foreign policy that made certain assumptions on the part of the average citizen easy to make. Now? I'm not at all certain where the US stands in the mix of imports, China owned US property, exports, politics, and national safety or how any of that affects our ability to effectively maintain a defense hacking program. I'm certain that the mindset of profit before anything else is continuing to erode our efforts. (The hints I've read regarding some hacking made easier since we buy the majority of our computer hardware from China make sense to me. Haven't seen the US funding more robust US hardware manufacturing though.)
What I am certain of is that China will delight in using our current political and social instability against us with the real world goal to defeat us. If that means via Russia, it seems as if that'd be fine with them. (Referencing the meetings Russia & China have had the past two years.)