The United States National Security Agency director, General Timothy Haugh, who also serves as the newly appointed military cyber director and head of the nation’s main electronic espionage agency, is tasked with monitoring secret activities of the Chinese Communist Party (CCP) aimed at stealing sensitive American data and weapon technology.
Recently, he has taken note of an unusual CCP threat that does not focus on stealing military secrets or data, but rather infiltrates the infrastructure supporting daily life, seemingly waiting for the right moment to launch cyber attacks and create chaos.
During a security conference in Singapore, General Haugh expressed concerns about this unique and alarming threat. He questioned the motives behind the attacks and raised concerns about the potential targets and how they are identified.
“Volt Typhoon” is the name the US cybersecurity community has given to a group of Chinese hackers believed to be monitoring critical infrastructure in America, including the communication and transportation sectors, for potential future attacks. General Haugh emphasized that their purpose seems to be pre-deployment for future malicious activities.
Analysis suggests that the CCP has clandestinely wired networks within American infrastructure to potentially target key facilities in locations like Guam during regional conflicts with the United States.
General Haugh highlighted the seriousness of individuals attempting to infiltrate critical infrastructure networks that hold no intelligence value, raising further concerns about the intentions behind such actions.
Hackers supported by other nations typically attack networks and use tools to steal data. The CCP’s approach, by contrast, involves pre-deployment tactics without inserting tools or extracting data. This distinct strategy raises red flags for US cybersecurity experts.
American officials fear that during a conflict in the Taiwan Strait, the CCP could exploit this potential access to disrupt critical infrastructure in the US or allied countries, upending civilian life and potentially harming civilians.
Concerns are particularly high regarding attacks on water supply systems, with “Volt Typhoon” compromising networks in Guam, a crucial US territory in the Western Pacific essential for military operations, especially in potential conflicts with the CCP.
When asked whether “Volt Typhoon” had penetrated US military networks, General Haugh said they remain vigilant in these areas because of the tactics that have been attempted, with the aim of protecting against future cyber threats.
Last year, Microsoft revealed that networks affiliated with the CCP primarily targeted networks in Guam and other US locations, including communication, transportation, maritime, and other sectors. The hackers are likely developing capabilities to disrupt critical communication infrastructure between the US and Asia during crises.
In January of this year, the US government announced the dismantling of CCP hackers’ operations but warned that the scale of Chinese government efforts exceeded previous levels.
In addressing the potential expansion of CCP intrusions, General Haugh expressed expectations of broader impacts and discoveries in various sectors. The focus remains on raising awareness of these threats within the cybersecurity community.
The tactics employed by “Volt Typhoon” currently make it harder for network defenders to detect breaches. General Haugh emphasized the need to strengthen defenses to counter hackers’ evolving strategies.
He mentioned that CCP hackers often hijack online user identities to gain access and operate within targeted systems, a tactic referred to as “mountain-climbing-rat-eating.” In combating these threats, US cybersecurity professionals not only use conventional methods but also monitor user activities to thwart unauthorized access attempts.
By publicly disclosing these details, the US aims to inform other countries and operators of critical infrastructure about the threat landscape and effective response strategies. Moreover, enhancing defenses remains crucial to making it increasingly difficult for hackers to succeed.
General Haugh noted that CCP cyber attacks against the US continue to grow in number and complexity, making quantification challenging given the evolving nature of threats and limited visibility into all activities. He hinted at recent disclosures further exposing the scope of CCP-supported activities.
This included revelations about the business operations of a Chinese tech company, I-Soon, which allegedly infiltrated dozens of government targets in countries like Malaysia, Thailand, and Mongolia, as well as universities in Hong Kong, Taiwan, and France. Its major clients included CCP security agencies, the military, and regional-level institutions.
While the CCP government denies supporting cyber attacks and espionage activities and accuses the US of similar actions, American authorities have gathered evidence over the years to accuse CCP hackers of stealing classified information.
General Haugh stressed close collaboration with US defense contractors to prevent CCP theft of sensitive US weapon information. Sharing threat intelligence across the more than a thousand defense-related companies under oversight ensures a proactive approach to cybersecurity defense. Vigilance and collaboration among these entities play a critical role in safeguarding national security interests.