
China-Linked Hackers Lurk in Critical US Systems

By Jeff Seldin February 08, 2024

China-linked hackers targeting key sectors of the U.S. economy appear to have been hiding in key computer systems and networks for at least five years, according to a new warning from the United States and key allies, who urge companies to take urgent action to mitigate the risk.

The cybersecurity advisory issued Wednesday by multiple U.S. agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), states that a cyberthreat group known as Volt Typhoon has been "positioning itself to launch destructive cyberattacks that would jeopardize the physical safety of Americans."

In particular, the advisory warns that China-linked Volt Typhoon hackers have successfully infiltrated the computer networks of private companies linked to critical sectors of the U.S. economy, including communications, energy, water and wastewater, and transportation.

The advisory further warns that Volt Typhoon hackers have been "maintaining access and footholds within some victim IT environments for at least five years." And CISA acknowledged the penetrations may be more extensive than is currently known.

Officials said other industries, including construction, information technology and education, are also being targeted.

"What we've found to date is likely the tip of the iceberg," CISA Director Jen Easterly said in a statement. "CISA teams have found and eradicated Volt Typhoon intrusions into critical infrastructure across multiple sectors."

In addition to the FBI and CISA, the advisory — and its findings — were endorsed by the U.S. National Security Agency, as well as cyber officials from Canada, Australia and New Zealand, who said that their own critical infrastructure could also be at risk.

One CISA official called the advisory "a stark warning to critical infrastructure organizations."

"The information that we are releasing with this advisory is reflecting a strategic shift in PRC [People's Republic of China] malicious cyber activity from a focus on espionage and IT theft," said Eric Goldstein, CISA executive assistant director for cybersecurity.

"Our evidence strongly suggests that these PRC actors are positioning to launch future disruptive or destructive cyberattacks that could cause impact to national security, economic security or public health and safety," he told reporters, adding he expects the number of victims to grow.

Goldstein and other U.S. officials said that so far, there are no indications that hackers with Volt Typhoon have attempted to launch any sort of disruptive attacks on critical infrastructure. But they also said the way the Chinese-linked cyber actors infiltrated critical networks means it is likely just a matter of time.

"This stealthy access increases our concern that they are lurking, waiting for the right moment to cause devastating impacts," said FBI Deputy Assistant Director Cynthia Kaiser.

Kaiser also warned that Volt Typhoon "is certainly not the only Chinese group conducting this type of activity."

She said the FBI has identified additional threats by using surveillance capabilities authorized under Section 702 of the Foreign Intelligence Surveillance Act, or FISA, a controversial law that allows the FBI and U.S. intelligence agencies to gather electronic data of non-Americans without first obtaining a warrant.

"In fact, we only know about many critical infrastructure entities compromised by the Chinese because of FBI FISA 702 collection," she said.

The latest warning comes just a week after top U.S. law enforcement and cyber officials told lawmakers that they are bracing for a "cyber onslaught" from China.