Chinese hackers spent up to 5 years in US networks: Cyber officials
Hackers from the People's Republic of China spent up to five years in U.S. networks as part of a cyber operation that targeted U.S. critical infrastructure, law enforcement and international agencies said earlier this week.
"The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States," an alert released by the agencies earlier this week said.
The yearslong operation by the state-sponsored cyber actor -- called Volt Typhoon by U.S. authorities -- was a way for China to position themselves for an attack on U.S. critical infrastructure using malware, officials said on a call with reporters.
CISA Assistant Director Eric Goldstein said the hackers were in U.S. systems for "up to five years."
"CISA and its U.S. Government partners have confirmed that this group of PRC state-sponsored cyber actors has compromised entities across multiple critical infrastructure sectors in cyberspace, including communications, energy, transportation, and water and wastewater, in the United States and its territories," a release about the incident said.
The Chinese cyber actors aimed to "launch destructive cyber-attacks that would jeopardize the physical safety of Americans and impede military readiness in the event of a major crisis or conflict with the United States," the release said.
Last week, the FBI used a court order to disrupt Volt Typhoon actors from their hacking operation.
The advisory builds upon CISA Director Jenn Easterly and FBI Director Christopher Wray's testimony last week -- in which they warned that Chinese hackers could disrupt Americans' way of life.
"The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, water sectors steps -- China was taking in other words to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous," Wray told a House panel last week. "And let's be clear, cyber threats to our critical infrastructure represent real world threats to our physical safety."
The agencies wrote in an alert that they are "concerned" about the implications of the cyber operation.
"The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts," an alert released by the agencies said. "The U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions."
Last week, Easterly warned that the Colonial Pipeline hack in 2021, which briefly shut off pipeline access for part of the country and caused panic, is something that could happen on a much wider scale, if China had their way.
"We know that what we have found is the tip of the iceberg," Goldstein said.