Government officials and cybersecurity specialists in the United States are alerting the public to reports that the Chinese military is trying to breach vital infrastructure in the country, such as transportation networks and water and electricity utilities.
According to The Washington Post, which cited anonymous officials and security specialists, hackers purportedly connected to China’s People’s Liberation Army have infiltrated the computer networks of roughly twenty-two important organizations over the past year. The incursions are reportedly part of a broader effort to develop options for inciting fear, causing instability, and disrupting supplies should the United States and China go to war.
According to the article, a major port on the West Coast, an oil and gas pipeline, and a water utility in Hawaii are among the victims that Chinese hackers are alleged to have targeted. The hackers are also reported to have attempted to compromise the Texas power grid operator. Besides victims in the United States, “several entities” outside the country are also reportedly among the victims.
So far, no breach has been found to have affected the industrial control systems that perform critical functions.
The U.S. Pacific Fleet is based in Hawaii, so an attack on a utility there is noteworthy: if a service is cut off, it could become harder to move troops and supplies to a battle zone.
Though notable on its own, the revelation is best read as an update to earlier reporting, which the article itself references, on the Volt Typhoon hacking group, a purportedly state-sponsored group based in China.
Researchers from Microsoft Corp. issued a warning in May that Volt Typhoon, which has been active since mid-2021, appeared to be preparing to disrupt U.S.-Asia communication networks in an emergency. The group’s targeted sectors are government, information technology, education, construction, manufacturing, utilities, transportation, and maritime.
Volt Typhoon campaigns prioritise stealth, relying on hands-on-keyboard activity and on living-off-the-land binaries (LOLBins), the legitimate tools already present on a victim’s systems, rather than on custom malware that would be easier to detect. Harvesting credentials, staging data for exfiltration, and using valid credentials to maintain persistence in compromised environments are among the group’s core techniques.
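The living-off-the-land tradecraft described above is hard to catch with signature-based antivirus, because every binary involved is a legitimate Windows component; what stands out is how those binaries are invoked and by whom. The following is an added example, not code from the article or from any of the agencies or companies it cites. It scans constructed process-creation records for three patterns publicly documented in the joint advisory on Volt Typhoon (ntdsutil exporting the Active Directory database, netsh portproxy turning a host into a traffic relay, and wmic used for discovery), then correlates hits by user to surface a single account active across several hosts, which is what abuse of stolen but valid credentials looks like in telemetry. The pipe-delimited record format and the rule set are assumptions for the example; a real deployment would read Windows Security 4688, Sysmon event 1 or EDR process events and tune the rules to its own baseline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed process-creation records in a simplified
# "timestamp|host|user|parent_process|command_line" form (assumed format,
# not a real log schema). Four of the five lines are ordinary activity.
SAMPLE_LOG = """\
2023-11-01T02:14:07Z|DC01|CORP\\svc_backup|cmd.exe|ntdsutil.exe "ac i ntds" ifm "create full C:\\Windows\\Temp\\pro" q q
2023-11-01T02:15:30Z|WS17|CORP\\jdoe|explorer.exe|notepad.exe C:\\Users\\jdoe\\notes.txt
2023-11-01T02:16:02Z|WS17|CORP\\jdoe|cmd.exe|netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=8443 connectaddress=10.0.0.5
2023-11-01T02:17:45Z|FS02|CORP\\svc_backup|cmd.exe|wmic path win32_logicaldisk get caption,filesystem,freespace,size,volumename
2023-11-01T02:18:10Z|FS02|NT AUTHORITY\\SYSTEM|services.exe|svchost.exe -k netsvcs
"""


@dataclass
class ProcEvent:
    ts: str
    host: str
    user: str
    parent: str
    cmdline: str


@dataclass
class Alert:
    rule: str
    reason: str
    event: ProcEvent


# Detection rules: (name, regex over the command line, what it means to a defender).
# These cover publicly documented LOLBin usage; extend with your own baseline.
RULES = [
    ("ntdsutil_ifm",
     re.compile(r"\bntdsutil(\.exe)?\b.*\bifm\b", re.I),
     "ntdsutil IFM export copies the AD database (NTDS.dit): credential-theft precursor"),
    ("netsh_portproxy",
     re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
     "netsh portproxy rule added: built-in tool repurposed as a traffic relay"),
    ("wmic_discovery",
     re.compile(r"\bwmic\b.*\b(win32_logicaldisk|win32_useraccount|process|service)\b", re.I),
     "wmic used for host/account discovery"),
]


def parse_event(line: str) -> Optional[ProcEvent]:
    """Parse one pipe-delimited record; return None for malformed input."""
    parts = line.rstrip("\n").split("|", 4)
    if len(parts) != 5 or not all(parts[:4]):
        return None
    return ProcEvent(*parts)


def classify(event: ProcEvent) -> List[Alert]:
    """Return one Alert per rule whose pattern matches the command line."""
    return [Alert(name, reason, event)
            for name, pattern, reason in RULES
            if pattern.search(event.cmdline)]


def scan(log_text: str) -> List[Alert]:
    """Run every rule over every parseable record, preserving log order."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is not None:
            alerts.extend(classify(event))
    return alerts


def spread_by_user(alerts: List[Alert], min_hosts: int = 2) -> Dict[str, List[str]]:
    """Map each user with LOLBin hits on at least min_hosts distinct hosts to
    the sorted host list. One valid account touching tooling on several
    machines is the footprint of persistence via stolen credentials."""
    hosts_by_user: Dict[str, set] = {}
    for alert in alerts:
        hosts_by_user.setdefault(alert.event.user, set()).add(alert.event.host)
    return {user: sorted(hosts) for user, hosts in hosts_by_user.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(f"[{a.rule}] {a.event.ts} {a.event.host} {a.event.user}: {a.reason}")
    for user, hosts in spread_by_user(found).items():
        print(f"[multi-host] {user} ran flagged tooling on {', '.join(hosts)}")
```

Running the block flags the ntdsutil, netsh and wmic lines and reports that the backup service account triggered rules on both DC01 and FS02; the notepad and svchost lines produce nothing. The per-user correlation is the part worth keeping even if the regexes are replaced: it is what distinguishes an administrator doing maintenance on one host from an account being used as a foothold across the estate.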
Together with authorities from Australia, Canada, New Zealand, and the U.K. (the so-called “Five Eyes” countries), the National Security Agency also published a Joint Cybersecurity Advisory. The document describes the tactics, techniques, and procedures used in the attacks attributed to Chinese state sponsorship.
Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, told The Washington Post that it is very evident that China is trying to undermine vital infrastructure, in part to position itself to disrupt or destroy it in the event of a conflict, either to prevent the U.S. from projecting power into Asia or to create social unrest within the U.S. — to influence our decision-making around a crisis. That is a substantial shift from Chinese cyber activity seven to ten years ago, which focused mostly on political and economic espionage.
In an email, the director of the NSA’s Cybersecurity Collaboration Centre confirmed that Volt Typhoon activity appeared to be concentrated on targets in the Indo-Pacific region, including Hawaii.
The officials said that, to hide their activity, the hackers would frequently route their traffic through innocuous devices, such as home or small-office routers, before reaching their target.
Stealing staff credentials so they could return disguised as ordinary users was one of their main objectives. Some of their methods of entry, however, remain unknown.
What was taken by the hackers?
According to the investigation, the hackers attempted to hide their activity by routing it through home or office routers before finally reaching their victims. Their intention was not to rely on a backdoor, but to return as ordinary users with stolen employee credentials.
“In order to launch an attack later, you are attempting to tunnel into the infrastructure of your adversaries. Up to that point, you wait it out, do reconnaissance, and determine whether you can advance into more important organizations or targets upstream, such as industrial control systems. And one day you go from reconnaissance to attack if you get the order from higher up,” said Joe McReynolds, a China security studies fellow at the Jamestown Foundation think tank.