Experts analyze intensified Chinese Communist hacker intrusions before the US presidential election

Before the US election, cyber operations supported by the Chinese government have intensified significantly compared to the past, penetrating at least two major Internet service providers (ISPs) in the United States and secretly monitoring millions of American network users. Experts believe that the disclosure of this matter through unofficial channels by the United States during National Security Advisor Jake Sullivan’s visit to Beijing is also a warning to China not to interfere in the election.

In recent months, cyber intrusions supported by the Chinese government have targeted several American Internet service providers, monitoring their users, including compromising at least two major providers with millions of customers in the United States.

According to a report released by Black Lotus Labs, a subsidiary of Lumen Technologies, on August 27, a hacker group named “Volt Typhoon” supported by the Chinese government launched this network espionage operation. The hackers exploited a previously unknown zero-day vulnerability in a program developed by Versa Networks to manage wide area networks.

TechCrunch quoted Mike Horka, a security researcher at Lumen Technologies and a former FBI special agent, stating that this cyber attack targeted not only telecommunications companies but also hosting service providers and Internet service providers, allowing the attackers to compromise key locations and gain more access.

Horka mentioned that four affected companies were discovered in the United States (two Internet service providers, a hosting service provider, and an IT provider), along with one overseas company in India, all of which fell victim to the cyber intrusion.

Another cybersecurity company, Volexity, also reported earlier this month that another advanced technique was being executed on a different Internet service provider.

The Washington Post cited Brandon Wales, former Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, who stated that “this has become routine for China, but there has been a significant escalation compared to the past, indicating a worsening situation.”

The Chinese Embassy in Washington has denied these allegations. Zeng Yishuo, Vice Research Fellow at Taiwan’s Defense Security Research Institute, said that the intrusion of “Volt Typhoon” into the American network communication industry has raised serious concern, with reports on the matter continuing since 2023. The United States aims to let these hacker groups and their backers in China know that they are being monitored closely.

Ever since the discovery of “Volt Typhoon” last year, the U.S. Department of Justice, FBI, National Security Agency (NSA), and CISA have all confirmed that this hacker group, supported by the Chinese government, has been launching a series of cyber attacks and espionage activities against the United States and its allies.

In May 2023, Microsoft announced that “Volt Typhoon” had breached critical infrastructure in the United States, including a water treatment facility in Guam. Microsoft confirmed that the purpose of the intrusion was to disrupt key communication infrastructure between the U.S. and Asia during future crises.

“Volt Typhoon” attempted to use botnet attacks to target critical infrastructure in the United States.

Timothy D. Haugh, the head of U.S. Cyber Command and NSA Director, warned in June this year that China is actively trying to disrupt the U.S. defense industry, specifically mentioning “Volt Typhoon.”

Su Ziyun, Director of the Taiwan Institute of Defense Strategy and Resources, stated that the characteristic of “Volt Typhoon” is its ability to remain dormant for an extended period, activating only upon receiving instructions, making it difficult to detect.

He added, “Infiltrating various infrastructures of the opponent can have a significant destructive impact. When necessary, it can create chaos. For instance, private addresses of all customers of a telecommunications service provider, as well as communication partners, may be collected. Even the content of communication between the White House, Congress leaders, and military personnel could be gathered by China.”

Zeng Yishuo said that “Volt Typhoon” is just one of the hacker groups under the Chinese Communist Party (CCP), with the CCP primarily engaging existing private hacker groups through procurement and outsourcing to conduct intrusion activities. Apart from stealing confidential information from the defense industrial base and business intelligence of governments, they might also infiltrate hospital organizations or health insurance systems to monitor the health conditions of world leaders.

He believed that the timing of the United States issuing a warning about “Volt Typhoon” is due to the upcoming election. Election facilities are considered critical infrastructure, and the warning is aimed at preventing China from interfering with or disrupting the upcoming U.S. presidential election through cyber intrusions.

From August 27 to 29 this year, U.S. National Security Advisor Sullivan visited Beijing and held meetings with corresponding officials, including Chinese Foreign Minister Wang Yi and Deputy Chairman of the Central Military Commission Zhang Youxia. This marked Sullivan’s first visit to China as the White House National Security Advisor.

Su Ziyun remarked that the escalating Chinese cyber aggression further demonstrates China’s aggressive hostility towards democratic countries, which will further worsen the relationship between the U.S. and China. Sullivan’s discussions with Beijing are crucial for strategic security, and cybersecurity is believed to be one of the topics on the agenda.