Tackling China’s Cyber Threat: An Insight into Evolving Risks and Responses
In today’s digital age, few cybersecurity threats are as concerning as those posed by China-backed hackers. Described by U.S. national security officials as an “epoch-defining threat,” these groups have been infiltrating key U.S. infrastructure networks such as water, energy, and transportation. Their objective is not espionage alone but pre-positioning: gaining and keeping access so that disruptive attacks can be launched amid geopolitical tensions, notably a possible conflict over Taiwan.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,”
— Former FBI Director Christopher Wray
The U.S. government has taken significant steps to counter these threats. In January 2024, the FBI and Justice Department disrupted a botnet of compromised small-office/home-office routers that “Volt Typhoon,” a hacking group linked to the Chinese government, was using to hide the traffic of its intrusions into critical infrastructure. Additionally, actions were taken against “Flax Typhoon,” another Chinese group operating under the guise of a Beijing-based cybersecurity company.
Understanding the Hackers: Volt Typhoon
First publicly identified by Microsoft in May 2023, Volt Typhoon represents a new wave of Chinese cyber threats. This group aims not just to steal secrets but to pre-position for the disruption of U.S. military mobilization capabilities. It has infiltrated critical infrastructure sectors, exploiting vulnerabilities in outdated, often end-of-life network edge equipment.
- Targets: Aviation, water, energy, and transportation.
- Methods: Compromising routers, firewalls, and VPNs.
- Impact: Potential disruption of U.S. responses in geopolitical conflicts.
The Rise of Flax Typhoon
This group has been active since mid-2021 and predominantly targeted organizations in Taiwan, extending its reach into the U.S. by hijacking internet-connected devices such as routers and IP cameras into a botnet that disguised its activities. That botnet was dismantled by U.S. authorities in September 2024.
Emergence of Salt Typhoon
The newest addition to China’s cyber arsenal, Salt Typhoon made headlines in late 2024 for breaching major U.S. telecom providers, including AT&T and Verizon. Its operations reached the systems carriers use to fulfil court-authorized wiretap requests, potentially exposing who is under lawful surveillance.
- Targets: Telecom networks, including call metadata for large numbers of subscribers and, for a small number of specific targets, call audio and message content.
- Method: Exploiting vulnerable Cisco network devices for initial access and persistence.
- Scope: Potential access to government surveillance data.
“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down.”
— John Hultquist, Mandiant Chief Analyst
The evolving landscape of cybersecurity threats from China-backed groups necessitates vigilant defense strategies, above all for the routers, firewalls, and VPN appliances at the network edge that all three groups have abused. By understanding these threats’ scope and methods, the U.S. can better safeguard its critical infrastructure against potential disruptions.