Unisami AI News

Meet the Chinese ‘Typhoon’ hackers preparing for war

January 10, 2025 | by AI

Understanding the Rising Threat of China-Backed Cyber Attacks on U.S. Infrastructure

Among the cybersecurity threats facing the United States, a significant concern is the potential sabotage capability of China-backed hackers. Described as an “epoch-defining threat” by senior U.S. national security officials, these hackers are allegedly infiltrating critical infrastructure in sectors like water, energy, and transportation to prepare for possible future conflicts.

According to former FBI Director Christopher Wray, “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.” This underscores the urgency of addressing this looming threat.

  • Volt Typhoon: Discovered by Microsoft in May 2023, this group has been infiltrating U.S. infrastructure since mid-2021. Their focus is not merely on stealing secrets but on disrupting military mobilization capabilities.
  • Flax Typhoon: Uncovered by Microsoft in August 2023, this group operates under the guise of a Beijing-based cybersecurity company and has been targeting critical infrastructure globally.
  • Salt Typhoon: Known for compromising telecom networks like AT&T and Verizon, this group gathers intelligence on U.S. law enforcement wiretaps and other sensitive data.
  • Silk Typhoon: Previously known as Hafnium, this group focuses on reconnaissance and data theft, with recent activities targeting the U.S. Treasury.

“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” said John Hultquist, chief analyst at security firm Mandiant.

The U.S. government has taken decisive actions against these threats, including dismantling botnets controlled by Volt and Flax Typhoon and imposing sanctions on companies linked to these activities.

The stakes are high, with Guam being a strategic target due to its military significance. In January 2025, Bloomberg reported over 100 intrusions linked to Volt Typhoon across U.S. territories, illustrating the widespread impact of these cyber threats.

Conclusion: It is crucial for the U.S. to remain vigilant against these sophisticated cyber adversaries. By understanding their tactics and strengthening defenses, we can protect our critical infrastructure from potential disruptions that could have far-reaching consequences.

Image Credit: Mikhail Nilov on Pexels
