
China-Backed Hackers Maintain Access To US Critical Infrastructure For ‘At Least Five Years’


China-backed hackers have maintained access to American critical infrastructure for “at least five years” with the long-term goal of launching “destructive” cyberattacks, a coalition of U.S. intelligence agencies warned on Wednesday.

Key Takeaway

China-backed hackers, specifically Volt Typhoon, have been targeting and maintaining access to U.S. critical infrastructure for an extended period, posing a significant threat to national security and the functioning of essential systems.

Strategic Shift in Cyber Operations

Volt Typhoon, a state-sponsored group of hackers based in China, has been burrowing into the networks of aviation, rail, mass transit, highway, maritime, pipeline, water and sewage organizations in the United States. The NSA, CISA, and FBI jointly published an advisory on Wednesday, highlighting the group’s strategic shift from traditional cyber espionage to preparing for potential disruptive cyberattacks on operational technology in the event of a major conflict or crisis.

International Concern and Warnings

The release of the advisory, co-signed by cybersecurity agencies in the United Kingdom, Australia, Canada, and New Zealand, follows a similar warning from FBI Director Christopher Wray. He described Volt Typhoon as “the defining threat of our generation” and emphasized the group’s aim to disrupt the U.S. military’s ability to mobilize in the early stages of a potential conflict over Taiwan.

Exploitation of Vulnerabilities

The advisory revealed that Volt Typhoon has been exploiting vulnerabilities in routers, firewalls, and VPNs to gain initial access to critical infrastructure across the country. The China-backed hackers have leveraged stolen administrator credentials to maintain access, in some instances for “at least five years.”
