U.S. disabled Chinese hacking network targeting critical infrastructure: Sources

The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to sources

January 30, 2024 10:33 am | Updated 10:33 am IST

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, said sources [File]

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, said sources [File] | Photo Credit: REUTERS

The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department and Federal Bureau of Investigation sought and received legal authorisation to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

The Biden administration has increasingly focused on hacking, not only for fear nation states may try to disrupt the U.S. election in November, but because ransomware wreaked havoc on Corporate America in 2023.

The hacking group at the center of recent activity, Volt Typhoon, has especially alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, according to three people familiar with the matter.

The widespread nature of the hacks led to a series of meetings between the White House and private technology industry, including several telecommunications and cloud commuting companies, where the U.S. government asked for assistance in tracking the activity.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service U.S. military operations. Sources said U.S. officials are concerned the hackers were working to hurt U.S. readiness in case of a Chinese invasion of Taiwan.

China, which claims democratically governed Taiwan as its own territory, has increased its military activities near the island in recent years in response to what Beijing calls "collusion" between Taiwan and the United States.

The Justice Department and FBI declined to comment. The Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, a reference to the intelligence sharing grouping of countries made up of the United States, Canada, New Zealand, Australia and the UK.

Volt Typhoon has functioned by taking control of swaths of vulnerable digital devices around the world - such as routers, modems, and even internet-connected security cameras - to hide later, downstream attacks into more sensitive targets, security researchers told Reuters. This constellation of remotely controlled systems, known as a botnet, are of primary concern to security officials because they limit the visibility of cyber defenders that monitor for foreign footprints in their computer networks.

"How it works is the Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP (internet service provider) and then using that destination to route their intrusions into the real target," said a former official familiar with the matter. "To the IT team at the downstream target it just looks like a normal, native user that's sitting nearby."

The use of so-called botnets by both government and criminal hackers to launder their cyber operations is not new. The approach is often used when an attacker wants to quickly target numerous victims simultaneously or seeks to hide their origins.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.