Chinese cyberterrorism threatens the West

An advanced group of Chinese hackers targeting critical US infrastructure has been active for half a decade, a joint investigation by the NSA, CIA and FBI revealed last week. The US National Security Agency, the cyber watchdog, the FBI and the Transportation Security Administration acknowledged that the group, known as Volt Typhoon, had quietly infiltrated the networks of aviation, railways, public transportation, highways, shipping, pipelines, water and sewage organizations.

None of the organizations was identified by name, but the statement said that US intelligence officials had monitored the hackers “for at least five years.” The US statement was co-signed by the respective cybersecurity agencies of Britain, Australia, Canada and New Zealand, and is the latest in a series of warnings from US officials about Volt Typhoon, a group that has generated particular alarm because it appears to be aimed at sabotage rather than espionage.

War

The widespread nature of the hacks has led to a series of meetings between the White House and different industries, including several telecommunications companies, which the US government asked for help in tracking the activity. “We are extraordinarily concerned about the malicious cyber activity of these hackers sponsored by the government of the People’s Republic of China, which the industry calls Volt Typhoon,” acknowledged Eric Goldstein, a senior official at CISA, the US cyber watchdog. “Most of the victims we have identified have no legitimate espionage value, but their social impact would be enormous if a collapse had been caused, which we understand was what was being studied,” he added.

U.S. officials say they have disrupted a state-backed Chinese effort to plant malware that could damage civilian infrastructure, while FBI chief Chris Wray warned that Beijing was positioning itself to disrupt daily life in the United States if the country and China ever went to war.

“China’s hackers are positioning themselves on American infrastructure in preparation to wreak havoc on our American citizens and communities, if China decides the time has come to strike,” Wray explained. And Jen Easterly, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, added: “This is a world where a major crisis on the other side of the planet could very well endanger the lives of Americans here at home through the disruption of our pipelines, the disruption of our telecommunications, contamination of our water facilities, the paralysis of our modes of transport… all to ensure that they can incite panic and chaos in society, and to hurt our ability to organize a response.”

Cybersecurity

In recent years, the United States has become more aggressive in trying to disrupt and dismantle both criminal and state-backed cyber operations, and Wray warned that other hackers backed by Beijing aimed to steal trade secrets and personal information for foreign influence campaigns. “They are doing all those things. The goal is to supplant the United States as the world’s greatest superpower,” he said.

Allies

In the same vein, the UK’s cybersecurity agency has urged operators of critical national infrastructure, including energy and telecommunications networks, to monitor and prevent Chinese state-sponsored hackers from hiding in their systems.

The National Cyber Security Centre, part of GCHQ, issued the warning after it emerged that the hacking group Volt Typhoon had attacked a US military post in the Pacific Ocean. And the so-called Five Eyes intelligence group (United States, United Kingdom, Australia, Canada and New Zealand) issued a joint advisory detailing the nature of the threat and how to address it.

Cyberterrorism

Microsoft acknowledged in its own statement that Volt Typhoon had been active since mid-2021 and had targeted telecommunications infrastructure on Guam, an island home to a U.S. military facility that is expected to play a major role in any U.S. response to a Chinese invasion of Taiwan.

Paul Chichester, NCSC chief operating officer, added: “It is vital that operators of critical national infrastructure take steps to prevent attackers from hiding in their systems, as outlined in the joint advisory with our international partners. We recommend UK essential service providers follow our guidelines to detect this malicious activity and avoid a compromise of our network.”

One of the tactics of the Volt Typhoon hackers was to use a “web shell,” a piece of malicious code that allows access to a web server, and then use it as a way to access connected systems. Secureworks, an American cybersecurity company that contributed to the analysis of the strategy of Chinese-sponsored hackers, said hackers tended to share their techniques with other attack units to achieve greater impact and infiltrate as much as possible.

“Chinese threat groups are likely to use similar techniques against targets in the United Kingdom,” said Marc Burnard, a researcher at Secureworks. And Don Smith, vice president of threat research at Secureworks, added that “it was an attempt to ensure a long-term strategic intelligence gain.”
