Chinese hackers are determined to “wreak havoc” on US critical infrastructure, FBI Director Christopher Wray told House lawmakers on Wednesday.
Overview
Speaking before the House Select Committee on the Chinese Communist Party, Wray said that the Chinese Communist Party (CCP) is “a threat to American safety.” “There has been far too little public focus on the fact that [Chinese] hackers are targeting our critical infrastructure, our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems.”
The official stressed that the risk such activities pose to American citizens “requires [Wasington’s] attention now.” “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if and when China decides the time has come to strike,” Wray asserted.
Hackers linked to the Chinese government are targeting critical US infrastructure, preparing to cause 'real-world harm' to Americans, FBI Director Christopher Wray told a congressional committee https://t.co/lyCT5NOdwA pic.twitter.com/mWdDOyczil
— Reuters (@Reuters) January 31, 2024
His sentiments were echoed by another official — Jen Easterly — the director of the Department of Homeland Security’s cybersecurity arm.
“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes — all to ensure that they can incite societal panic and chaos and to deter our ability” Easterly said.
Microsoft Report
Wray and Easterly’s comments also reflect findings from a Microsoft report released last year.
The report found that Volt Typhoon, a state-sponsored Chinese cyberespionage group, has targeted critical infrastructure organisations in the US since at least mid-2021, including communications, manufacturing, utility, transport, construction, maritime, government, information technology, and education.
Further, Microsoft stated in a blog post that it “has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organisations in the United States.” The observed behaviour further indicates that the “threat actor intends to perform espionage and maintain access without being detected for as long as possible.”