Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Government

US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report 

US government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon.

China

The United States government has disrupted parts of a major hacking campaign attributed to a threat actor linked to China, according to Reuters.

The news giant learned from unnamed Western security officials and one person familiar with the matter that the FBI and the Justice Department have been authorized to remotely disable some aspects of a Chinese cyber operation named Volt Typhoon, which has been known to target critical infrastructure.

The disruption attempt reportedly took place in recent months, but no details are available on exactly what was targeted or what actions were taken. 

Volt Typhoon came to light in May 2023, when Microsoft warned that Chinese government hackers had been stealing data from critical infrastructure in the US territory of Guam. 

In December, the hacking operation was linked to what was described as an ‘unkillable’ botnet powered by many routers and other IoT devices, predominantly easy-to-hack products that had reached end of life.

Cybersecurity firm SecurityScorecard reported earlier this month that it had found evidence suggesting that the UK and Australian governments have also been targeted by Volt Typhoon. 

SecurityScorecard’s research found that the hackers had compromised many vulnerable Cisco routers between late-November and early January. The fact that these router hijacking attacks are very recent indicates that the hackers are likely still active even after the US’s disruption attempt. 

The threat actor has been around since at least mid-2021, targeting organizations in the  communications, manufacturing, utility, transportation, construction, maritime, government, IT, and education sectors. 

Advertisement. Scroll to continue reading.

Reuters reported that the White House has asked the private sector for assistance in tracking Volt Typhoon. National security experts told the news service that attacks such as the ones conducted by this group could enable China to “remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations”. 

Some of Reuters’ sources raised concerns that the hackers’ goal may be to disrupt the readiness of the United States in case China invades Taiwan. 

“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the US. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” John Hultquist, chief analyst at Mandiant Intelligence, which is part of Google Cloud, told SecurityWeek.

Hultquist previously discussed the activities of Volt Typhoon and the threat posed by the hacker group at SecurityWeek’s 2023 ICS Cybersecurity Conference.

Related: Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware

Related: Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

Related: Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Cyberwarfare

US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.

Funding/M&A

Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.

Government

Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Government

CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.

Cloud Security

Redmond is accused of “negligent cybersecurity practices” that enabled a successful Chinese hack of the United States government.

Government

TSA instructs airport and aircraft operators to improve their cybersecurity resilience and prevent infrastructure disruption and degradation.