FBI Director Says China Hackers Prepare to ‘Wreak Havoc’ on Critical US Systems
The US government announced on Wednesday that it had disrupted a Chinese-backed hacking operation targeting critical US infrastructure, amid warnings that Beijing was preparing to inflict “real-world damage” on Americans in the event of a future conflict.
Speaking during a US House of Representatives committee hearing on cyber threats from China, FBI Director Christopher Wray told lawmakers: “China’s hackers are positioning themselves in American infrastructure preparing to wreak havoc and cause real harm to American citizens and communities if or when China decides that the time has come to strike.”
Wray described the ongoing activity by a Chinese-backed hacking group called Volt Typhoon as “the defining threat of our generation” and said the attackers’ goal is to “disrupt our military’s ability to mobilize” in the early stages of an anticipated conflict over Taiwan, which China claims as its territory.
Jen Easterly, director of the U.S. cybersecurity agency CISA, testified during the hearing that “very basic” flaws underlying critical infrastructure in the U.S. have “made it easy” for Chinese-backed hackers to target their systems.
“We’ve seen Chinese threat actors, including those known as Volt Typhoon, burrow deep into our critical infrastructure to enable devastating attacks in the event of a major crisis or conflict,” Easterly said. “This is a world where a major crisis halfway around the world will endanger American lives by disrupting our pipelines, disrupting our telecommunications, polluting our water facilities, and crippling our transportation.”
Volt Typhoon is a state-sponsored hacker group based in China that typically focuses on espionage and intelligence gathering. Wray and Easterly’s comments align with the findings of Microsoft, which last year said Volt Typhoon was pursuing the ability to disrupt critical communications infrastructure between the US and the Asian region during future crises.
China has long denied Western hacking claims, calling them a “collective disinformation campaign”.
During the hearing, Wray announced that the FBI and Justice Department conducted an operation in December to disrupt Volt Typhoon’s infrastructure.
The operation, which Reuters first reported on Tuesday, saw US authorities disrupt a Chinese-controlled botnet involving hundreds of US-based routers for small businesses and home offices. These compromised devices – mostly end-of-life Cisco and Netgear routers that no longer received regular security updates – were infected with the “KV Botnet” malware designed to remain hidden.
The FBI was able to remove the malware from the compromised routers and sever their connection to Chinese state-sponsored hackers, the Justice Department confirmed in an announcement.
“The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people,” US Attorney General Merrick Garland said in the statement.
In an advisory issued Wednesday, CISA urged device manufacturers to improve the security of their devices by eliminating vulnerabilities in router web interfaces during software development.
Earlier this month, the FBI and CISA also warned that Chinese-made drones pose a “significant risk” to critical infrastructure and US national security.