Last May I wrote about a group of Chinese hackers who’d been identified by Microsoft after malware was discovered in telecom systems on the island of Guam. Microsoft named the hacking group “Volt Typhoon.”
Microsoft called the hacking group “Volt Typhoon” and said that it was part of a state-sponsored Chinese effort aimed at not only critical infrastructure such as communications, electric and gas utilities, but also maritime operations and transportation. The intrusions appeared, for now, to be an espionage campaign. But the Chinese could use the code, which is designed to pierce firewalls, to enable destructive attacks, if they choose.
Today, FBI Director Christopher Wray spoke at a summit on emerging threats in Nashville and talked about Volt Typhoon and the threat presented by Chinese hackers.
“The PRC [People’s Republic of China] has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist,” he said in remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats in Nashville…
“The fact is, the PRC’s targeting of our critical infrastructure is both broad and unrelenting,” he said. And, he added, the immense size—and expanding nature—of the CCP’s hacking program isn’t just aimed at stealing American intellectual property. “It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” he said.
Wray gave this example of a trap set up for the hackers which suggested they were interested in more than profit.
“When one victim company set up a honeypot—essentially, a trap designed to look like a legitimate part of a computer network with decoy documents—it took the hackers all of 15 minutes to steal data related to the control and monitoring systems, while ignoring financial and business-related information, which suggests their goals were even more sinister than stealing a leg up economically,” he said.
For its part, China has released a report claiming that Microsoft’s investigation (the one that named Volt Typhoon last year) was mistaken. The hackers aren’t backed by the state China claims, but simply criminals looking for ransomware opportunities. Here’s what state media had to say just a few days ago.
Multiple cybersecurity authorities in the US have been pushing “China-sponsored” Volt Typhoon false narrative just for seeking more budgets from the US Congress. Meanwhile, Microsoft and other US cybersecurity companies also want more big contracts from US cybersecurity authorities, according to a report about the investigation…
Volt Typhoon hacker group is a ransomware cybercriminal organization without state or regional support background, Chinese Foreign Ministry spokesperson Lin Jian said at a regular press conference on Monday commenting on the investigation report, saying that various signs indicate that US intelligence community and cybersecurity companies are colluding to fabricate so-called evidence and spread false information that the Chinese government supports cyberattacks against the US, in order to seek congressional budget appropriations and government contracts.
No doubt this is the sort of plausible deniability China planned on if its hackers were caught. But US allies seem convinced that Volt Typhoon is a very large Chinese operation.
Daniel Cuthbert, who sat on the UK Government Cyber Security Advisory Board, said the Volt Typhoon hacking system is bigger than anything China has unleashed before…
“In essence, Volt Typhoon is a campaign, albeit a very large one, by Chinese state agents actively gaining access to industrial control systems and other critical national infrastructure,” Cuthbert told Newsweek.
“Similar campaigns have been happening for a very long time, but I think what has surprised many, including myself, was the sheer scale of the campaign.”
China can continue to deny it is involved but clearly our intel agencies are onto what they have been doing and have been removing the malware from compromised computers. Whatever China was planning to do with this capability, it probably won’t be able to now.