U.S. officials announced the disruption of a state-backed Chinese cyber operation aimed at planting malware with the potential to damage critical infrastructure, including water treatment plants, the electrical grid, and transportation systems in the United States. The U.S. operation targeted a botnet of hundreds of U.S.-based small office and home routers owned by private citizens and companies, which Chinese hackers had hijacked to cover their tracks while deploying malware. FBI Director Chris Wray warned that China is positioning itself to disrupt the daily lives of Americans in the event of a U.S.-China conflict. The disrupted operation was attributed to a group of hackers known as Volt Typhoon.
Wray and other officials emphasized the cyber threat posed by China, indicating that Beijing-backed hackers are preparing to cause real-world harm to American citizens and communities. The disruption targeted a portion of the Volt Typhoon operation using court-approved search-and-seizure orders, aiming to prevent the exploitation of U.S. critical infrastructure.
Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, expressed concern that China could endanger American lives by disrupting pipelines, telecommunication networks, water facilities, and transportation systems. The disruption efforts focused on a botnet that served as one form of infrastructure Volt Typhoon used to hide its activities. The Chinese hackers, associated with state-backed efforts, have reportedly infiltrated targets through various avenues, including cloud and internet providers.
The operation aligns with recent assessments from cybersecurity firms, including Microsoft, which warned of state-backed Chinese hackers targeting U.S. critical infrastructure. The disrupted botnet operation involved routers that were no longer supported by security updates, making them susceptible to exploitation. U.S. officials, acknowledging the urgent nature of the threat, deleted the malware from routers without directly notifying owners and added code to prevent re-infection.
The comments by U.S. officials highlight the evolving and adaptive nature of state-backed hackers and the urgency of addressing vulnerabilities in critical infrastructure. The disruption underscores the ongoing work by the U.S. to counter and dismantle cyber operations that threaten national security and critical infrastructure.