US disrupts China-backed hacking operation amid warning of threat to American infrastructure

FBI director says China's hackers are preparing to 'wreak havoc' on critical US systems

The U.S. government announced Wednesday it had disrupted a China-backed hacking operation targeting U.S. critical infrastructure, amid warnings that Beijing is preparing to cause “real-world harm” to Americans in the event of a future conflict.

Speaking during a U.S. House of Representatives committee hearing on cyber threats posed by China, FBI director Christopher Wray told lawmakers: “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”

Wray described the ongoing activity by a China-backed hacking group dubbed Volt Typhoon as “the defining threat of our generation,” and said the attackers’ goal is to “disrupt our military’s ability to mobilize” in the early stages of an anticipated conflict over Taiwan, which China claims as its territory.

Jen Easterly, the director of the U.S. cybersecurity agency CISA, testified during the hearing that “very basic” flaws underpinning critical infrastructure in the U.S. have “made it easy” for China-backed hackers to target its systems.

“We have seen Chinese threat actors, including those known as Volt Typhoon, burying deep in our critical infrastructure to enable destructive attacks in the event of a major crisis or conflict,” said Easterly. “This is a world where a major crisis halfway across the world will endanger the lives of Americans through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, and the crippling of our transportation.”

Volt Typhoon is a China-based, state-sponsored hacking group that typically focuses on espionage and information gathering. Wray’s and Easterly’s comments align with findings from Microsoft, which said last year that Volt Typhoon is pursuing the ability to disrupt critical communications infrastructure between the U.S. and the Asia region during future crises.

China has long denied hacking allegations from the West, describing them as a “collective disinformation campaign.”

During the hearing, Wray announced that the FBI and the Justice Department carried out an operation in December to disrupt Volt Typhoon’s infrastructure.

The operation, first reported by Reuters on Tuesday, saw U.S. authorities disrupt a China-controlled botnet comprising hundreds of U.S.-based small-office and home-office routers. These compromised devices, mostly end-of-life Cisco and Netgear routers that no longer received routine security updates, had been infected with the “KV Botnet” malware, which was designed to stay hidden.

The FBI was able to remove the malware from the hijacked routers and sever their connection to the Chinese state-sponsored hackers, the Justice Department confirmed in a statement.

“The United States will continue to dismantle malicious cyber operations — including those sponsored by foreign governments — that undermine the security of the American people,” commented U.S. Attorney General Merrick Garland on the announcement.

In an advisory published Wednesday, CISA urged router manufacturers to improve device security by eliminating vulnerabilities in their web management interfaces during software development.

Earlier this month, the FBI and CISA also warned that Chinese-manufactured drones pose a “significant risk” to critical infrastructure and U.S. national security.