FBI Director Says Chinese Hackers Prepare to 'Wreak Havoc' on Key US Systems
The US announced on Wednesday that it had disrupted a Chinese-backed hacking operation targeting critical infrastructure, amid warnings that Beijing was preparing to inflict “real world harm” on Americans in the event of a future conflict.
Speaking during a US House of Representatives committee hearing on cyber threats from China, FBI Director Christopher Wray told lawmakers: “China's hackers are preparing to wreak havoc on American infrastructure and cause real-world harm to American citizens and communities. That's when China decides it's time to attack.”
Wray described ongoing operations by a China-backed hacking group called Volt Typhoon as “the defining threat of our generation” and said that the attackers' goal in the early stages of a conflict was to “disrupt our military mobilization ability.” China claims Taiwan as its territory.
Jen Easterly, director of the US cybersecurity agency CISA, testified during the hearing that “very basic” flaws underpinning critical infrastructure in the US “made it easier” for China-backed hackers to target their systems.
“We've seen Chinese threat actors, dubbed the Volt Typhoon, bury themselves deep within our critical infrastructure to launch destructive attacks in the event of a major crisis or conflict,” Easterly said. “This is a major crisis around the world that puts American lives at risk by disrupting our pipelines, severing our telecommunications, polluting our water facilities and crippling our transportation.”
Volt Typhoon is a state-sponsored hacker group in China that focuses on espionage and information gathering. Wray and Easterly's comments fit with findings from Microsoft, which said last year that Volt Typhoon was pursuing the ability to disrupt critical communications infrastructure between the US and Asian regions during future crises.
China has long denied hacking allegations from the West, describing them as “mass disinformation.”
During the hearing, Wray announced that the FBI and Justice Department had conducted an operation in December to disrupt Volt Typhoon's infrastructure.
In the operation, first reported by Reuters on Tuesday, US authorities disrupted a China-controlled botnet that included hundreds of US-based routers for small businesses and home offices. These compromised devices — mostly end-of-life Cisco and Netgear routers that no longer receive routine security updates — were infected with the “KV Botnet” malware, which was designed to be stealthy.
The FBI was able to remove malware from the hijacked routers and sever their connection to Chinese government-sponsored hackers, the Justice Department confirmed in a statement.
“The United States will continue to crack down on malicious cyber activities that undermine the security of the American people — including those sponsored by foreign governments,” US Attorney General Merrick Garland said in a statement.
In an advisory published Wednesday, CISA urged device manufacturers to improve their device security by removing vulnerabilities in router web interfaces during software development.
Earlier this month, the FBI and CISA also warned that Chinese-made drones pose a “significant risk” to critical infrastructure and US national security.