China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

Published: 23/11/2024   Category: security




Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to pre-position themselves in the critical infrastructure of the United States, according to military and law enforcement officials.



The People's Republic of China is accelerating the development of its military capabilities, including cyber operations, because it believes it will need to deter and confront the United States, US officials said yesterday.
And indeed, China-linked cyberattackers have increasingly focused on critical infrastructure systems in particular as part of a campaign by Beijing to be ready for a broader conflict, according to experts, who describe this as a distinct change in strategy by China. For instance, the highly active threat group Volt Typhoon (aka Bronze Silhouette and Vanguard Panda) has conducted attacks against the US government and defense contractors since at least 2021, but since last May it has been recognized as a threat to critical infrastructure and military bases. In fact, it's seen as such a clear threat that it was recently disrupted by the US government and private sector companies, officials said this week.
"Over the last two years, we have become increasingly concerned about a strategic shift in PRC malicious cyber activity against US critical infrastructure," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the US Department of Homeland Security, stated in written testimony on Jan. 31 to the US House of Representatives Select Committee on the Strategic Competition between the United States and the Chinese Communist Party.
She added, "We are deeply concerned that PRC actors — particularly a group referred to in industry reporting as Volt Typhoon — are seeking to compromise US critical infrastructure to pre-position for disruptive or destructive cyberattacks against that infrastructure in the event of a conflict, to prevent the United States from projecting power into Asia or to cause societal chaos inside the United States."
Cyberattacks from China-linked groups have been a standard feature of the last two decades. For the most part, however, the attacks have either been cybercriminal efforts looking for a payday or espionage operations aimed at stealing government secrets and corporate intellectual property. The notorious Chinese cyber-espionage group APT1, for example, is a team run by the People's Liberation Army, details of which were first published by Mandiant in 2013.
And while Chinese hackers are still stealing data, conducting cybercrimes, and targeting dissidents, industry sources are confirming the shift toward disruption-readiness flagged by the US government.
"I think given the volume, it does seem like a change in strategy," says Chris Wysopal, CTO for software security firm Veracode. "The main theme has always been they're stealing our intellectual property, but those days are over — it's so much more."
As far as goals, Chinese advanced persistent threats (APTs) are making preparations to cripple vital assets and systems in the event that China invades Taiwan, or to react to ongoing economic and trade tensions in the South China Sea, said FBI Director Christopher Wray in written testimony to the House Select Committee on the CCP, citing US intelligence community assessments.
"The PRC represents the defining threat of this era," he said. "There is no country that presents a broader, more comprehensive threat to our ideas, our innovation, our economic security, and, ultimately, our national security. ... The PRC uses every means at its disposal to impact our economic security — blending cyber capabilities, human intelligence, corporate transactions, and other means of attacking and exploiting US companies to advance its own economic growth, national power, and military capability."
Wray also used the testimony to argue for the FBI's budget and for foreign surveillance powers. Any reduction to the FBI's budget would hurt the agency's ability to monitor and foil preparatory attacks by Chinese actors, he said.
"Even if the FBI focused all of its cyber-agents and intelligence analysts on the PRC threat, PRC-backed cyber-threat actors would still outnumber FBI cyber-personnel at least 50 to one," Wray said. "They are attempting multiple cyber-operations each day in domestic Internet space, where only the FBI has the authorities to monitor and disrupt."
A key tactical component of the latest Chinese cyberattacks on critical infrastructure has been the compromise of small-office, home-office (SOHO) routers. The attackers, including Volt Typhoon, then route later attacks through the compromised routers to obscure their true origin. The focus on small business routers underscored once again that unmanaged technologies have become a national security liability. Of the 34 router vulnerabilities currently in CISA's Known Exploited Vulnerabilities (KEV) catalog, nine appear to have no patches available from the manufacturers, Veracode's Wysopal noted.
"So that's a pretty telling figure — that more than 25% of routers that are being actively attacked don't even have patches," he says. "That's the state of the edge in the small office and home, but I guess the same is happening in the corporate world with all those different edge devices and VPN devices."
In addition, rather than deploying malware, the attackers often use the operating system's own administration tools so that their actions blend into legitimate activity, a tactic known as living off the land. Because nothing new is dropped on disk and each individual command is one an administrator might plausibly run, camouflaging the offensive activity this way has made the intrusions much harder to detect, according to officials' testimony.
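The practical consequence of living off the land is that no single process-creation event is malicious on its face; detection has to look at the combination of built-in tools a user drives and the arguments they pass. The following is an added example (not code from the article, and not any agency's or vendor's detection logic) that applies that idea to constructed process-creation log lines. The log format, the tool list and the argument patterns are this example's own assumptions; map the fields to your own Sysmon event ID 1 or Windows 4688 export before use.

```python
"""Flag living-off-the-land (LOTL) chains in process-creation logs.

Added example. The log format below is constructed for this example, and the
tool/argument heuristics are assumptions, not a published rule set.
"""
import re
from collections import defaultdict

# Built-in Windows administration tools that are legitimate on their own.
# Each maps to argument patterns (assumed heuristics) that indicate
# reconnaissance, credential access or traffic relaying rather than routine use.
LOLBIN_RULES = {
    "netsh.exe": [r"portproxy", r"wlan\s+show\s+profile"],
    "wmic.exe": [r"process\s+call\s+create", r"ntdomain", r"shadowcopy"],
    "ntdsutil.exe": [r"ac\s+i\s+ntds", r"\bifm\b"],
    "vssadmin.exe": [r"create\s+shadow"],
    "powershell.exe": [r"-enc(odedcommand)?\b", r"downloadstring", r"invoke-expression"],
    "certutil.exe": [r"-urlcache", r"-decode"],
    "reg.exe": [r"save\s+hklm\\(sam|system|security)"],
}

# Constructed log format: one event per line, key=value fields, cmd last and quoted.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'parent=(?P<parent>\S+) image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)

# Constructed sample: one suspicious chain on ws-fin-07, benign admin use on ws-it-02.
SAMPLE_LOG = [
    r'2024-01-29T02:11:03Z host=ws-fin-07 user=CORP\svc_backup parent=cmd.exe image=C:\Windows\System32\netsh.exe cmd="netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.12 connectport=8443"',
    r'2024-01-29T02:12:40Z host=ws-fin-07 user=CORP\svc_backup parent=cmd.exe image=C:\Windows\System32\wmic.exe cmd="wmic ntdomain list brief"',
    r'2024-01-29T02:15:09Z host=ws-fin-07 user=CORP\svc_backup parent=cmd.exe image=C:\Windows\System32\ntdsutil.exe cmd="ntdsutil "ac i ntds" "ifm" "create full C:\Temp\x" q q"',
    r'2024-01-29T09:00:12Z host=ws-it-02 user=CORP\jdoe parent=explorer.exe image=C:\Windows\System32\netsh.exe cmd="netsh interface show interface"',
    r'2024-01-29T09:05:44Z host=ws-it-02 user=CORP\jdoe parent=explorer.exe image=C:\Windows\System32\wmic.exe cmd="wmic os get caption"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    # Normalise to the bare executable name so rules match regardless of path/case.
    ev["image"] = ev["image"].rsplit("\\", 1)[-1].lower()
    ev["parent"] = ev["parent"].rsplit("\\", 1)[-1].lower()
    return ev


def suspicious_patterns(ev):
    """Return the rule patterns the event's command line matches (empty if benign)."""
    rules = LOLBIN_RULES.get(ev["image"], [])
    cmd = ev["cmd"].lower()
    return [p for p in rules if re.search(p, cmd)]


def detect_lotl(lines, min_distinct_tools=2):
    """Group suspicious tool use per (host, user); report groups that span
    at least min_distinct_tools different LOLBins, since a single hit is
    usually an administrator doing their job."""
    per_actor = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparsable line: skip rather than crash the pipeline
        hits = suspicious_patterns(ev)
        if hits:
            per_actor[(ev["host"], ev["user"])].append((ev["ts"], ev["image"], hits))

    findings = []
    for (host, user), events in per_actor.items():
        tools = sorted({image for _, image, _ in events})
        if len(tools) >= min_distinct_tools:
            findings.append({"host": host, "user": user, "tools": tools, "events": events})
    return findings


if __name__ == "__main__":
    for finding in detect_lotl(SAMPLE_LOG):
        print(f"{finding['host']} {finding['user']}: {', '.join(finding['tools'])}")
        for ts, image, hits in finding["events"]:
            print(f"  {ts} {image} matched {hits}")
```

Running the block against the constructed sample reports only the ws-fin-07 chain (netsh portproxy, wmic ntdomain, ntdsutil ifm), while the two routine commands on ws-it-02 produce no finding. The threshold on distinct tools is the important design choice: lowering it to 1 catches more but turns every legitimate `ntdsutil` backup into an alert, so in practice you would tune the argument patterns and threshold against a baseline of your own administrators' activity.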
Overall, US technology firms and their customers, both businesses and individuals, need to take stock of how their use of technology, and their failure to maintain that technology, may be contributing to the threat to critical infrastructure, says Lisa Plaggemier, executive director at the National Cybersecurity Alliance, a nonprofit cybersecurity education and outreach organization.
"The fact that attackers are taking over small-business routers should be disturbing if I'm a small business or an individual," she says. "It should be a wake-up call that there are things [for which] you have responsibilities, and you need to be informed about how to use technology."
