How the Chinese Communist Hackers Launch Sneak Attacks on the United States

In a recent development, the United States government successfully dismantled a botnet that the People’s Republic of China (PRC) supported and used to launch hidden, malicious cyberattacks on critical American infrastructure. The operation, carried out jointly by the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Cybersecurity and Infrastructure Security Agency (CISA), targeted a significant number of small office/home office (SOHO) routers across the country that had been compromised by Chinese hackers.

These Chinese hackers, referred to as “Volt Typhoon,” used the infected SOHO routers to mask their origin and conduct further cyberattacks on the United States and on foreign victims, including critical infrastructure. Most of the routers in the botnet were Cisco and Netgear devices that had reached end-of-life status. Because they no longer received security patches or software updates from their manufacturers, they were particularly susceptible to exploitation.

Through a court-authorized operation, the joint effort removed the malicious software from the infected routers and took additional measures to sever the connection between the routers and the botnet. The FBI recommended that users replace all end-of-life SOHO routers to prevent potential exploitation by hackers in the future.

Attorney General Merrick B. Garland stated, “The Department of Justice thwarted a hacker organization supported by the People’s Republic of China, which attempted to launch attacks on critical U.S. infrastructure using the botnet network. The United States will continue to dismantle malicious network operations that threaten the security of the American people, including those sponsored by foreign governments.”

Deputy Attorney General Lisa Monaco emphasized the importance of the collaboration between the government and private sector in combating cybercrime and safeguarding national security. She highlighted the significance of reporting incidents to effectively combat nefarious activities.

The assessment conducted by CISA, NSA, and FBI revealed that Chinese hackers supported by the PRC sought to “pre-position” themselves on the internet to launch destructive cyberattacks on critical U.S. infrastructure in the event of a major crisis or conflict.

FBI Director Christopher Wray warned about the potential threat posed by these Chinese hackers, stressing that their pre-positioning on the internet could result in concrete harm to American citizens and communities in the event of an attack on communication, energy, transportation, and water infrastructure.

The actions of these hackers have not been limited to the United States alone, as they have targeted democracies worldwide, underscoring the global nature of the threat posed by China. The use of advanced technologies like artificial intelligence to enhance their hacking capabilities adds another layer of complexity to countering these activities.

The revelations about China’s attempts to infiltrate U.S. infrastructure have raised concerns globally, with experts acknowledging the extensive scale and sophistication of the Volt Typhoon hacking operation sponsored by the Chinese government.

The enduring threat posed by Chinese hackers highlights the need for robust investments to secure critical national infrastructure globally. Daniel Cuthbert, a member of the UK Government’s Cybersecurity Advisory Committee, remarked that the activities of the Volt Typhoon hackers pose a significant risk not just to the United States but to any member of the critical national infrastructure community worldwide.

In conclusion, the pervasive and insidious threats posed by China through cyber espionage, economic espionage, election interference, and transnational repression underscore the urgent need for coordinated international efforts to counteract these malicious activities. Only through concerted cooperation can the nations of the world effectively address and mitigate the challenges presented by Chinese cyber threats.