Daily Management Review

Chinese Hacking Network Aimed At US Vital Infrastructure Was Shut Down By The US


In response to a widespread Chinese hacking operation that successfully infiltrated thousands of internet-connected devices, the U.S. government initiated an operation in recent months, according to two Western security officials and one individual with knowledge of the situation.
According to the sources who spoke with Reuters, the Justice Department and Federal Bureau of Investigation applied for and were granted legal permission to remotely stop certain components of the Chinese cyber operation.
The Biden administration has been concentrating more and more on hacking, not just because of concern that nation states would attempt to tamper with the November election in the United States, but also because ransomware devastated the corporate world in 2023.
Intelligence officials are particularly concerned about Volt Typhoon, the hacking group at the centre of the recent activity, because they say it is part of a bigger campaign to infiltrate Western critical infrastructure, such as utilities, internet service providers, and naval ports.
Although the Volt Typhoon campaign was first discovered in May 2023, three individuals with knowledge of the situation claim that the hackers modified some of their tactics and enlarged the scope of their operations late last year.
Due to the intrusions' widespread impact, the White House had multiple meetings with the commercial technology sector, including several cloud computing and telecommunications businesses, where the U.S. government requested help in monitoring the activity.
According to specialists in national security, China might be able to remotely interfere with crucial Indo-Pacific installations that serve or assist American military activities. According to sources, American authorities are worried that the hackers were trying to undermine the country's preparedness in the event that China invades Taiwan.
In reaction to what Beijing refers to as "collusion" between Taiwan and the United States, China, which claims democratically controlled Taiwan as its own territory, has stepped up military operations close to the island in recent years.
Both the FBI and the Justice Department declined to comment. A request for comment was not immediately answered by the Chinese embassy in Washington.
A spokesman for the Chinese foreign ministry, Mao Ning, claimed that the hacking claims were a "collective disinformation campaign" from the Five Eyes countries—a reference to the intelligence-sharing alliance consisting of the US, Canada, New Zealand, Australia, and the UK—when Western nations first expressed concern about Volt Typhoon in May.
Surveillance researchers told Reuters that Volt Typhoon has operated by seizing control of large numbers of vulnerable digital devices worldwide, including routers, modems, and even internet-connected surveillance cameras, in order to conceal later, downstream intrusions into additional vulnerable targets. Security experts are most concerned about this collection of remotely controlled machines, or "botnet," because it limits the visibility of cyber defenders who monitor their computer networks for foreign intrusions.
"How it works is the Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP (internet service provider) and then using that destination to route their intrusions into the real target," said a former official familiar with the matter. "To the IT team at the downstream target it just looks like a normal, native user that's sitting nearby."
It is not new for both government and criminal hackers to utilise "botnets" to finance their online activities. This method is frequently employed by attackers who wish to conceal their identity or who wish to swiftly target multiple victims at once.