CCP’s “Typhoon” Series of Hackers Exposed One After Another, US Cracks Down

Chinese Hackers Continue to Threaten US National Security

The Chinese Communist Party’s hacker organizations have been infiltrating various sectors in the United States, posing a persistent threat to the country’s national security. This has forced the US to take actions both online and in the physical world to combat these hacker groups.

According to a recent exclusive report by The Wall Street Journal, a hacker organization known as “Salt Typhoon” linked to the Chinese government has breached the networks of multiple broadband providers in the US. Sources familiar with the matter stated that this hacker group may have obtained information from systems used by the US federal government for lawful network monitoring, with the apparent goal of intelligence gathering.

Insiders revealed that the hackers may have accessed the relevant network infrastructure for several months or even longer. These network service providers have clients that include businesses of all sizes and millions of American citizens, posing significant national security risks to the US.

The existence of “Salt Typhoon” was first reported on September 25, and this latest report provides further details on the incident. The US government and security analysts are currently investigating to confirm the scope of the intrusion and the extent to which the hackers viewed and exfiltrated data.

Prior to this, the FBI had just announced the discovery and dismantling of a Chinese government-linked hacker organization called “Flax Typhoon.”

FBI Director Christopher Wray stated at a cybersecurity summit in Washington that this action was part of Beijing’s larger-scale operations. “Flax Typhoon hijacked Internet of Things devices such as cameras, video recorders, and storage devices, which are commonly found in both large and small institutions.”

Wray mentioned that these hackers operated under the guise of an information security company, collecting information from companies, media, universities, and government agencies. They utilized hundreds of thousands of Internet-connected devices to create a botnet that helped them disrupt systems and leak sensitive data. The FBI, along with partners, took control of the botnet under a court order and tracked the hackers when they attempted to switch to backup systems.

As of June this year, the “Flax Typhoon” botnet had compromised over 260,000 devices in North America, Europe, Africa, and Southeast Asia, according to the US National Security Agency.

Wray also noted that “Flax Typhoon” seemed to build upon vulnerabilities and strategies of another Chinese government-linked hacker organization called “Volt Typhoon,” discovered by Microsoft in May last year.

Back then, Microsoft revealed targeted and covert malicious activities against US critical infrastructure. These attacks were attributed to the Chinese government-funded group “Volt Typhoon,” focusing on espionage and information collection. Microsoft assessed that these activities sought to undermine the ability to communicate between the US and Asia during “future crises.”

Active since mid-2021, “Volt Typhoon” was reported to target critical infrastructure in Guam and other regions of the US, across sectors ranging from communications, manufacturing, utilities, transportation, construction, maritime, government, and information technology to education.

The modus operandi of “Volt Typhoon” involved controlling a vast number of vulnerable digital devices globally, including routers, modems, and even networked security cameras, to conceal themselves and later launch attacks on more sensitive downstream targets.

With escalating tensions in the Taiwan Strait, the activities of Chinese hackers raise concerns about potential disruptions to critical US infrastructure during a “future crisis,” such as an outbreak of conflict in the region.

The Chinese Embassy in Washington has consistently denied all of the above US accusations against Chinese hackers.

In addition to the series of hacker organizations with names containing “Typhoon,” the US government has previously identified a large number of Chinese government-backed hacker groups, such as APT1, APT2, APT31, and APT40.

APT stands for Advanced Persistent Threat, and not all hacker organizations bearing the APT designation are from China; some originate from Russia, Iran, and North Korea.

So far, over a dozen APT organizations connected to the Chinese government have been uncovered. Most of these organizations’ masterminds have been identified, with some linked to the Chinese military and various subordinate agencies of the Chinese Ministry of State Security.

Professor Lin Zongnan from the Department of Electrical Engineering at National Taiwan University explained to Epoch Times that “Salt Typhoon,” “Flax Typhoon,” and “Volt Typhoon” are like code names for hacker organizations. APT refers to tactics used in cyber attacks. These organizations are state-level hacker groups. Different cybersecurity agencies name them based on their tactics and objectives, and the variations in naming do not imply substantive differences in these hacker organizations themselves.

According to US officials, APT31 is a group of intelligence personnel and contract hackers supported by China, engaged in malicious cyber intrusion operations and directly led by the Hubei National Security Bureau, a vertical management agency under the Chinese Ministry of State Security. They have targeted a broad range of individuals and entities related to US national security and some critical infrastructure industries.

In March this year, the US State Department offered a reward of $10 million for information leading to the capture of APT31 and seven relevant Chinese nationals, linked to a 14-year-long hacking operation.

A statement from the US Department of the Treasury at the time highlighted that, as emphasized in the latest Annual Threat Assessment by the Office of the Director of National Intelligence, Chinese government-supported malicious cyber actors pose one of the most significant and enduring threats to US national security.

Of course, the targets of Chinese hackers are not limited to the US.

On July 9, Australia, along with seven allied countries including the US, released a report naming the Chinese Ministry of State Security-controlled hacker organization APT40 for ongoing malicious cyber attacks targeting the government and private sectors in Australia and other countries.

The report from Australia’s cyber intelligence agency indicated that APT40 had conducted multiple malicious attacks on networks in the Indo-Pacific region. Cybersecurity and intelligence agencies from the US, UK, Canada, New Zealand, Japan, South Korea, and Germany collectively contributed to the report.

The report explicitly stated that the Chinese Ministry of State Security was the mastermind behind APT40’s malicious cyber activities. In a hack in April 2022, the organization stole hundreds of usernames and passwords and intercepted verification codes.

(Ning Xin contributed reporting to this article)