US officials say they have disrupted a state-backed Chinese effort to plant malware that could damage civilian infrastructure, as the head of the FBI warned that Beijing was positioning itself to disrupt daily life in America were the US and China ever to go to war.
The operation disrupted a botnet of hundreds of US-based small office and home routers, owned by private citizens and companies, that had been hijacked by the Chinese hackers to cover their tracks as they sowed malware.
Their ultimate targets included water treatment plants, the electrical grid and transportation systems across the US, officials said on Wednesday.
The comments align with assessments from outside cybersecurity firms including Microsoft, which said in May that state-backed Chinese hackers had been targeting US critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the US and Asia during future crises.
At least a portion of that operation, attributed to a group of hackers known as Volt Typhoon, has been disrupted after FBI and justice department officials obtained search-and-seizure orders in Houston federal court in December. US officials did not characterise the disruption’s impact, and court documents unsealed on Wednesday say the disrupted botnet was just “one form of infrastructure used by Volt Typhoon to obfuscate their activity”. The hackers have infiltrated targets through multiple avenues, including cloud and internet providers, disguised within normal traffic.
The FBI director, Chris Wray, told the House select committee on the Chinese Communist party that there had been far too little public focus on a cyber threat that affects “every American”.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.
Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, voiced a similar sentiment at the hearing.
“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and to deter our ability [to marshal a sufficient response],” she said.
The US has in the past few years become more aggressive in trying to disrupt and dismantle both criminal and state-backed cyber operations, with Wray warning on Wednesday that Beijing-backed hackers aimed to pilfer business secrets to advance the Chinese economy and steal personal information for foreign influence campaigns.
“They are doing all those things. They all feed up ultimately into their goal to supplant the US as the world’s greatest superpower,” he said.
Complicating the threat is that state-backed hackers, especially Chinese and Russian, are good at adapting and finding new intrusion methods and avenues.
US officials have long been concerned about such hackers hiding in US-based infrastructure, and the outdated Cisco and Netgear routers exploited by Volt Typhoon were easy prey because they were no longer supported by their manufacturers with security updates. Because of the urgency, law enforcement officials said, US cyber operators deleted the malware in those routers without notifying their owners directly – and added code to prevent reinfection.
“The truth is that Chinese cyber actors have taken advantage of very basic flaws in our technology,” Easterly said. “We’ve made it easy on them.”
On Wednesday, US officials said allies were also affected by Volt Typhoon’s critical infrastructure hacking but, asked by reporters, would not discuss any countermeasures they might be taking.
China has repeatedly denounced the US government’s hacking allegations as baseless. Beijing has accused the US of “almost daily” intrusions against the Chinese government, with Wang Wenbin, a spokesman for the Chinese foreign ministry, saying last year “China is the biggest victim of cyber-attacks”.
But Gen Paul Nakasone, the outgoing commander of US Cyber Command and the National Security Agency, said “responsible cyber actors” did not target civilian infrastructure.
“There’s no reason for them to be in our water,” Nakasone said. “There’s no reason for them to be in our power.”