The United States government has disrupted parts of a major hacking campaign attributed to a threat actor linked to China, according to Reuters.
The news giant learned from unnamed Western security officials and one person familiar with the matter that the FBI and the Justice Department have been authorized to remotely disable some aspects of a Chinese cyber operation named Volt Typhoon, which has been known to target critical infrastructure.
The disruption attempt reportedly took place in recent months, but no details are available on exactly what was targeted or what actions were taken.
Volt Typhoon came to light in May 2023, when Microsoft warned that Chinese government hackers had been stealing data from critical infrastructure in the US territory of Guam.
In December, the hacking operation was linked to what was described as an ‘unkillable’ botnet powered by many routers and other IoT devices, predominantly easy-to-hack products that had reached end of life.
Cybersecurity firm SecurityScorecard reported earlier this month that it had found evidence suggesting that the UK and Australian governments have also been targeted by Volt Typhoon.
SecurityScorecard’s research found that the hackers had compromised many vulnerable Cisco routers between late November and early January. The fact that these router hijacking attacks are so recent indicates that the hackers are likely still active even after the US disruption attempt.
The threat actor has been around since at least mid-2021, targeting organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, IT, and education sectors.
Reuters reported that the White House has asked the private sector for assistance in tracking Volt Typhoon. National security experts told the news service that attacks such as the ones conducted by this group could enable China to “remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations”.
Some of Reuters’ sources raised concerns that the hackers’ goal may be to disrupt the readiness of the United States in case China invades Taiwan.
“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the US. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” John Hultquist, chief analyst at Mandiant Intelligence, which is part of Google Cloud, told SecurityWeek.
Hultquist previously discussed the activities of Volt Typhoon and the threat posed by the hacker group at SecurityWeek’s 2023 ICS Cybersecurity Conference.