China infiltrates U.S. critical infrastructure in ramp-up to conflict
The People’s Republic of China is accelerating the development of its military capabilities — including cyber operations — because it believes it will need to deter and confront the United States, US officials said yesterday.
And indeed, China-linked cyberattackers have increasingly focused on critical infrastructure systems as part of a campaign by Beijing to be ready for a broader conflict, according to experts, who called it a distinct change in strategy by China. For instance, the highly active threat group Volt Typhoon (aka Bronze Silhouette and Vanguard Panda) has conducted attacks against the US government and defense contractors since at least 2021, but since last May it has been recognized as a threat to critical infrastructure and military bases. In fact, it’s seen as such a clear threat that it was recently disrupted by the US government and private sector companies, officials said this week.
“Over the last two years, we have become increasingly concerned about a strategic shift in PRC malicious cyber activity against US critical infrastructure,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the US Department of Homeland Security, stated in written testimony on Jan. 31 to the US House of Representatives’ Select Committee on the Strategic Competition between the United States and the Chinese Communist Party.
She added, “We are deeply concerned that PRC actors — particularly a group referred to in industry reporting as Volt Typhoon — are seeking to compromise US critical infrastructure to pre-position for disruptive or destructive cyberattacks against that infrastructure in the event of a conflict, to prevent the United States from projecting power into Asia or to cause societal chaos inside the United States.”
China Is the “Defining Cyber Threat of This Era”
Cyberattacks from China-linked groups have been a standard attribute of the last two decades. For the most part, however, the attacks have either been cybercriminal efforts looking for a payday or espionage operations targeted at stealing government secrets and corporate intellectual property. The notorious Chinese cyber-espionage group APT1, for example, represents a team run by the People’s Liberation Army, details of which were first published by Mandiant in 2013.
And while Chinese hackers are still stealing data, conducting cybercrimes, and targeting dissidents, industry sources are confirming the shift toward disruption-readiness flagged by the US government.
“I think given the volume, it does seem like a change in strategy,” says Chris Wysopal, CTO for software security firm Veracode. “The main theme has always been ‘they’re stealing our intellectual property,’ but those days are over — it’s so much more.”
As for goals, Chinese advanced persistent threats (APTs) are making preparations to “cripple vital assets and systems” in the event that China invades Taiwan, or to react to ongoing economic and trade tensions in the South China Sea, said FBI Director Christopher Wray in written testimony to the House Select Committee on the CCP, citing US intelligence community assessments.
To read the complete article, visit Dark Reading.