Dive Brief:
- State-linked hackers, backed by the People’s Republic of China, are actively positioned to attack critical infrastructure providers in the U.S., FBI Director Christopher Wray told a House committee Wednesday.
- “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real world harm to American citizens and communities if and when China decides the time is right to strike,” Wray said in testimony before the House Select Committee on the Chinese Communist Party.
- The FBI and Department of Justice disclosed Wednesday a court-authorized disruption of a botnet linked to the Volt Typhoon threat campaign from 2023, which Wray noted during his testimony. The hackers installed KV Botnet malware on hundreds of small office/home office routers in the U.S., in a plan to target critical infrastructure providers through the compromised hosts.
Dive Insight:
The testimony from Wray and other top cybersecurity officials was a stark warning about what officials say is an ongoing threat from the state-linked hackers to cause mass disruption and panic across the U.S. The attacks would target critical infrastructure, including water treatment plants, oil and natural gas pipelines, transportation systems and the electric grid.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said the agency has seen an evolution of threat activity from China-linked hackers “burrowing deep” into U.S. critical infrastructure for years as part of an effort to potentially incite “societal panic and chaos.”
Easterly said the 2021 ransomware attack on Colonial Pipeline hinted at the type of panic that could be created by such an attack. The plan by the China-linked threat actors would be to “crush American will” in the event the military needed to defend Taiwan against a military attack.
The threat is not theoretical, Easterly said. The agency previously found and eradicated China-linked intrusions into multiple sectors, including telecommunications, energy, aviation and water infrastructure.
Easterly specifically called out the technology industry for continually building products with security flaws built into them, which is making critical infrastructure providers more vulnerable to malicious hacking.
Officials also used the testimony as a call to action. Companies that have been compromised need to immediately share that information with CISA or local FBI offices so the intelligence can be shared in order to combat larger threats, Easterly said.
The threat from China has been growing for years, cybersecurity industry experts said, and in many ways it's outpacing their ability to keep up with all of the activity.
“Volt Typhoon is very focused on targeting U.S. critical infrastructure by staying below the radar, and works hard to reduce the signatures we use to hunt them across networks,” Sandra Joyce, VP, Mandiant Intelligence, Google Cloud, said in a statement. “They are making use of compromised systems to blend in with normal network activity and constantly change the source of their activity.”
