Top U.S. officials have called the possibility of mischief by hackers with ties to China an “epoch-defining threat.” It is one of the biggest cybersecurity threats the U.S. faces right now.
U.S. intelligence officials say that hackers working for the Chinese government have, in recent months, been getting deep into the networks of U.S. critical infrastructure operators such as transportation, energy, and water providers. The goal, according to officials, is to set the stage for hacks that could be very damaging in a future conflict between China and the U.S., such as a Chinese invasion of Taiwan.
“China’s hackers are setting up shop on American infrastructure to wreak havoc and hurt American people and communities in real life, if and when China decides it’s time to strike,” FBI Director Christopher Wray told lawmakers earlier this year.
Since then, the U.S. government and its partners have taken action against the “Typhoon” family of Chinese hacking groups and made public new information about the dangers they pose.
In January, the U.S. disrupted a group of Chinese government hackers called “Volt Typhoon,” whose job was to lay the groundwork for destructive hacks. Later, in September, the U.S. took over a botnet run by a different Chinese hacking group called “Flax Typhoon,” which poses as a private company in Beijing and helps the Chinese government hide its hacking operations. Since then, a new hacking group backed by China called “Salt Typhoon” has formed. By breaking into the wiretap systems of U.S. phone and internet companies, it can obtain information on Americans who could be targets of U.S. surveillance.
So far, this is what we know about the Chinese hacking groups getting ready for conflict.
Volt Typhoon
According to the head of the FBI, Volt Typhoon is a new type of hacking group backed by China. Its goal is no longer just to steal sensitive U.S. secrets, but to stop the military from “mobilizing.”
Microsoft first identified Volt Typhoon in May 2023. It found that the hackers had been targeting and breaking into network equipment like routers, firewalls, and VPNs since mid-2021 as part of a planned and ongoing effort to get deeper into U.S. critical infrastructure. It is possible that the hackers were active for much longer, perhaps up to five years.
In the months after Microsoft’s report, Volt Typhoon broke into thousands of internet-connected devices by exploiting flaws in devices that were considered “end-of-life” and would no longer receive security patches. This let the hacking group get into the IT systems of many critical sectors, such as transportation, energy, aviation, and water, putting it in a good position to launch disruptive cyberattacks in the future.
Chinese hacking against the U.S. has traditionally focused on stealing secrets and covertly gathering intelligence. Volt Typhoon is not doing that. “They’re looking into sensitive critical infrastructure to see if they can stop major services if and when the order comes down,” said John Hultquist, chief analyst at Mandiant.
In January, the U.S. government said it had successfully disrupted a botnet used by Volt Typhoon, made up of thousands of hacked small office and home network routers in the U.S. The Chinese hacking group was using the botnet to hide its attacks on U.S. critical infrastructure. The FBI said it was able to remove the malware from the hijacked routers, cutting the Chinese hacking group off from the botnet.
Flax Typhoon
Microsoft first revealed Flax Typhoon in an August 2023 report. It is another hacking group backed by China that officials say has operated as a publicly traded defense company based in Beijing. U.S. officials say the company, Integrity Technology Group, has openly admitted to ties with China’s government.
In September, the U.S. government said it had taken control of another botnet, this one used by Flax Typhoon. It was made up of hundreds of thousands of internet-connected devices infected with a custom version of the notorious Mirai malware.
At the time, U.S. officials said that the Flax Typhoon-controlled botnet was used to “do malicious cyber activity disguised as normal internet traffic from the infected consumer devices.” They said that Flax Typhoon’s botnet let other hackers with ties to the Chinese government “hack into networks in the U.S. and around the world to steal information and put our infrastructure at risk.”
Microsoft’s profile of the government-backed group says Flax Typhoon has been active since the middle of 2021 and has mostly targeted “government agencies and education, critical manufacturing, and information technology organizations in Taiwan.” The DOJ said that its findings agreed with Microsoft’s and that Flax Typhoon also “attacked multiple U.S. and foreign corporations.”
Salt Typhoon
Salt Typhoon is the newest, and possibly most alarming, group in China’s cyber army to be uncovered in recent months.
In October, Salt Typhoon made news for a far more complex operation. The Wall Street Journal was the first to report that a hacking group with ties to China is thought to have hacked into the wiretap systems of several U.S. internet and phone companies, including AT&T, Lumen (formerly CenturyLink), and Verizon.
One report says that Salt Typhoon may have gotten into these companies through compromised Cisco routers. The U.S. government is said to be only just beginning its investigation.
The Journal quoted national security sources who said the breach could be “potentially catastrophic.” The scale of the internet provider hacks is still unknown. By getting into the systems that law enforcement uses to collect court-ordered customer data, Salt Typhoon may have accessed a great deal of information of interest to the Chinese government, including information about Chinese targets of U.S. surveillance.
The WSJ says the hackers may have had access to the internet service companies’ wiretap systems “for months or longer.” When the breach began is not yet known.