U.S. officials claim to have stopped an attempt by China to plant malware that could damage civilian infrastructure. If the U.S. and China were to go to war, officials warn that Beijing could disrupt the daily life of U.S. citizens. The FBI director issued this warning, stating that Beijing was in a position to carry out such disruptions.
The operation destroyed a botnet composed of hundreds of small office and home routers located in the U.S. that Chinese hackers had hijacked with malware in order to hide their tracks.
U.S. officials said that the ultimate targets of the attackers included water treatment plants, power grids, and transportation systems in the United States.
These claims align with assessments made by external cybersecurity companies like Microsoft. In May, Microsoft revealed that state-sponsored Chinese hackers had been targeting critical U.S. infrastructure, laying the technological groundwork for potentially disrupting vital communications between the U.S. and Asia during future crises.
Some of the operation, attributed to a group of hackers known as Volt Typhoon, was halted after the FBI and Justice Department officials obtained a search and seizure order in a Houston federal court in December. U.S. authorities have not disclosed the impact of the disruption, stating that the disrupted botnet was merely “a form of infrastructure used by Volt Typhoon to obfuscate its activities.” The hackers concealed their actions within normal web traffic and infiltrated their targets through multiple channels, including cloud and internet providers.
FBI Director Chris Wray expressed concern that not enough public attention is being paid to cyber threats that affect “all Americans.” He made this statement before the House Select Committee on the Chinese Communist Party.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, echoed these sentiments during the hearing, emphasizing that China’s cyber threats endanger the lives of Americans at home through disrupted pipelines and telecommunications, contaminated water facilities, and crippled transportation systems, with the goal of inciting social panic and chaos.
The United States has become more aggressive in recent years in its efforts to disrupt and dismantle both criminal and state-sponsored cyber operations. Wray also warned that Chinese government-backed hackers were aiming to steal trade secrets and personal information and influence foreign countries to ultimately supplant the United States as the world’s biggest superpower.
State-sponsored hackers, particularly those from China and Russia, are adept at adapting and finding new infiltration methods and routes, further complicating the threat.
U.S. authorities have long been worried about such hackers lurking in U.S. infrastructure. The older routers used by the Volt Typhoon group were no longer receiving security updates from their manufacturers, making them easy targets for cyber attacks. Due to the urgency of the situation, U.S. cyber operators removed the malware from these routers without directly notifying their owners and added code to prevent reinfection.
According to Easterly, Chinese cyber attackers took advantage of a fundamental technological flaw in the U.S. that made it easy for them to carry out their attacks. U.S. officials stated that allies were also affected by the Volt Typhoon hack of critical infrastructure, but they declined to disclose potential actions they might take in response to the attack.
China has repeatedly dismissed the U.S. government’s hacking allegations as baseless, claiming instead that the U.S. is the biggest perpetrator of cyberattacks. However, outgoing U.S. Cyber Command and National Security Agency head Gen. Paul Nakasone stated that “responsible cyber attackers” were not targeting civilian infrastructure and had no reason to do so.
Source: www.theguardian.com