
China’s Military Employs Hackers to Disrupt Key Infrastructure in US: WaPo

Hackers associated with China’s People’s Liberation Army have breached the computer systems of nearly two dozen major businesses in the past year.

December 12, 2023
IMAGE SOURCE: AFP via Getty Images
US President Joe Biden with Chinese President Xi Jinping.

Chinese military hackers are increasing their ability to damage critical American infrastructure, such as power and water utilities, as well as communications and transportation systems, the Washington Post (WaPo) reported, citing US officials. 

For more than a year, Chinese military officials refused to talk with their American counterparts despite an increase in close-call intercepts of US spy planes by Chinese fighter jets in the western Pacific.

Last month, US President Joe Biden and Chinese President Xi Jinping agreed to reopen such avenues of communication.


WaPo Report 

Experts suggested that hackers associated with China’s People’s Liberation Army (PLA) have breached the computer systems of nearly two dozen major businesses in the past year. The intrusions are part of a bigger plan to spread panic and confusion or impede logistics in the event of a US-China battle in the Pacific, they said.

The entities include a Hawaiian water utility, a major West Coast port and oil and gas pipelines, people familiar with the issue told WaPo. The hackers also attempted to break into foreign electrical systems. For instance, Texas’s power grid operates independently from electrical systems in the rest of the country.

According to US officials, none of the attacks damaged or disrupted industrial control systems that operate pumps, pistons, or any other critical function. However, they believe the Chinese military’s interest in Hawaii suggests its strategy is to complicate US efforts to send troops and equipment to the region if a conflict over Taiwan breaks out.

Brandon Wales, Executive Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said,

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the US from being able to project power into Asia or to cause societal chaos inside the US — to affect our decision-making around a crisis.”

“That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage,” Wales argued.


New Revelations Regarding ‘Volt Typhoon’ Campaign 

Per the report, the newly disclosed information gives a greater understanding of the Volt Typhoon cybercampaign, which was initially identified by the US authorities around a year ago.

Morgan Adamski, director of the National Security Agency’s (NSA) Cybersecurity Collaboration Centre, confirmed in an email that Volt Typhoon activity “appears to be focused on targets within the Indo-Pacific region, to include Hawaii.”

Reports suggest that the hackers frequently attempted to hide their tracks by routing their attacks through harmless devices, such as home or workplace routers, before reaching their victims. However, several of their entry methods have still not been determined.

Joe McReynolds, a China security studies scholar at the Jamestown Foundation, a security think tank, said that the hackers are seeking a technique to get in and stay in without being detected, which they can later use for an attack.

Threat researcher Jonathan Condra of security firm Recorded Future, which discovered Volt Typhoon probing the Texas grid this summer, said that the Chinese have carried out the attacks in secrecy, which refutes any notion that they wanted the US to be aware of their capabilities. 

US Strengthens its Cyber Defences

Reports indicate that the US government is working with the private sector and technology companies to detect and prevent such cyber threats.  

CISA’s Goldstein said that companies such as Microsoft share anonymised information regarding adversary tactics, indicators that a system has been penetrated, and mitigations. 

In general, these organisations do not detect the hacker’s presence within their customers’ networks, but rather discover it through communications to the servers the hacker is using to direct the attack, Goldstein added.

Reuters reported in May that Microsoft had identified espionage by a state-sponsored Chinese hacking group targeting various key infrastructure in the US, including the island territory of Guam, which is home to strategically important American military sites. Microsoft pointed out that “mitigating this attack could be challenging.” 

As a result of these cyber attacks, the Biden Administration issued oil and gas pipeline cyber regulations in 2021. In addition, the Environmental Protection Agency issued a directive in March requiring states to identify cyber hazards in public water system reviews. Following this, three states filed lawsuits against the government, alleging excessive regulatory authority.

To strengthen cyber defences, the NSA and other agencies have advocated steps such as mass password resets, better monitoring, and more secure authentication mechanisms.