Saturday, May 4, 2024

Exclusive: US Takes Down Chinese Hacking Network Targeting Critical Infrastructure

In a recent development, the U.S. government initiated a covert operation aimed at countering a widespread Chinese hacking network that had successfully compromised thousands of internet-connected devices. According to two Western security officials and an insider, the Justice Department and Federal Bureau of Investigation secured legal authorization to remotely disable certain aspects of the Chinese hacking campaign.

Rising Concerns Over Cybersecurity

The Biden administration has intensified efforts against hacking activities, driven not only by concerns about potential interference in the U.S. election but also by the disruptive impact of ransomware on Corporate America in 2023.

Volt Typhoon – A Serious Threat to Critical Infrastructure

At the heart of recent cyber activities is the hacking group Volt Typhoon, which has caused heightened concern among intelligence officials. This group is reportedly part of a broader effort to compromise Western critical infrastructure, including naval ports, internet service providers, and utilities.

Evolving Tactics and Ongoing Threat

Although the Volt Typhoon campaign initially surfaced in May 2023, it gained momentum late last year, with the hackers modifying some of their techniques. The evolving nature of the hacks prompted a series of meetings between the White House and private technology industry representatives, seeking assistance in tracking and mitigating the cyber threats.

Potential Implications on U.S. Military Operations

Security experts express concerns that such breaches could provide China with the capability to remotely disrupt vital facilities in the Indo-Pacific region. These facilities may, in some capacity, support or service U.S. military operations. Officials are particularly alarmed as they suspect the hackers might be working to undermine U.S. readiness in the event of a Chinese invasion of Taiwan.

Chinese Response and Denials

The Chinese embassy in Washington did not immediately respond to requests for comment on the matter. When initially warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning dismissed the hacking allegations as a “collective disinformation campaign” orchestrated by the Five Eyes countries.

Volt Typhoon’s Modus Operandi

Volt Typhoon operates by gaining control of vulnerable digital devices globally, including routers, modems, and internet-connected security cameras. These compromised devices form a botnet that conceals downstream attacks on more sensitive targets. The use of botnets is a significant concern for security officials because it limits the visibility of cyber defenders monitoring for foreign footprints in computer networks.

Unraveling the Tactic

A former official familiar with the matter explained, “The Chinese are taking control of a camera or modem positioned geographically near a port or ISP, and then using that destination to route their intrusions into the real target.” To the IT team at the downstream target, this tactic makes the intrusion look like normal, local user activity.

In the ongoing battle against cyber threats, this exclusive revelation sheds light on the escalating efforts to counter a sophisticated Chinese hacking network that poses a significant risk to critical infrastructure and geopolitical stability.
