
FBI Finds Chinese State Hacker Malware on Hundreds of U.S. Infrastructure-Related Routers

The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced Wednesday that they have successfully thwarted a large-scale Chinese cyber espionage operation dubbed “Volt Typhoon” that infiltrated critical infrastructure systems in the United States.

Volt Typhoon was detected by Microsoft, which said the culprits were state-sponsored hackers from China who had developed “capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises.”

Microsoft’s conclusions were supported by the “Five Eyes” intelligence community of the United States, United Kingdom, Canada, Australia, and New Zealand. China has denied the allegations and accused the Five Eyes countries of spreading “disinformation”.

Volt Typhoon operations were initially thought to be centered around Guam, with the goal of disrupting American network communications across the Pacific in the event of a conflict with China, which could be triggered by China’s invasion of Taiwan. The reality was worse: further investigation revealed that the scope of the operation was much broader, with targets including West Coast ports, oil pipelines, and the Texas power grid.

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said in December that China would explicitly use cyberwar assets to “prevent the disruption or destruction of critical infrastructure in the event of a conflict, prevent the United States from projecting power in Asia, or cause social chaos at home,” and that these assets were “pre-deployed” in America for that purpose.

Cybersecurity experts have cited Volt Typhoon as one of the biggest and most dangerous examples of “living off the land.” This is a technique in which hackers use tools that mimic normal network activity to penetrate systems without causing damage or revealing their presence. As the Department of Homeland Security has stated, China’s operations were all about proactive reconnaissance and preparing for potentially devastating attacks should the United States and China come into conflict.

The Justice Department said on Wednesday that the United States and its allies are ramping up efforts against threats like Volt Typhoon, announcing that that particular threat had been “stopped” by removing malicious software from hundreds of routers. U.S. officials remained convinced that Chinese state-sponsored hackers were responsible for the intrusion.

Sean Newell, deputy director of the Justice Department’s National Security Division, said the Volt Typhoon hackers created a “botnet” hidden inside network routers to conceal other hacking activity. The compromised routers were primarily older Cisco and Netgear models nearing the end of their operational life, allowing hackers to operate covertly without security programs detecting anomalous network traffic.

FBI Director Christopher Wray told the House of Representatives Select Committee on the Chinese Communist Party that the mostly obsolete routers were “easy targets” for hackers, whose operations targeted water, electricity, oil and transportation systems.

Wray said the FBI also believes China is trying to interfere in Taiwan’s 2024 election, similar to the recent presidential election. He said Chinese applications like TikTok could be used as a potential spying weapon to collect vast amounts of information about users, as China’s military is legally guaranteed to have free access to all data collected by Chinese companies. He pointed out that he was collecting information on

“Today, and literally every day, they are actively attacking our economic security and engaging in mass theft of our innovation, personal data, and corporate data,” Wray said.

CISA Director Jen Easterly warned that Chinese hackers are highly skilled at hiding inside computer systems undetected.

“They’ve developed an ability to act like system administrators, so it’s hard to tell that they’re really Chinese actors,” Easterly said.

SecurityWeek reported that some in the cybersecurity community have expressed concern that Volt Typhoon may not be completely “thwarted” because it can infiltrate “thousands of organizations,” while the FBI’s court order was aimed at only a few hundred infected routers.

The FBI was essentially able to find a way to tell the malware on infected routers to remove itself without damaging the router or the systems that depend on it. It appears owners of these routers were not warned in advance, but the FBI said it is now trying to notify all owners and provide security advice.

Some hardware experts say it’s safest to replace everything as soon as possible, as the effects of Volt Typhoon may not have been completely removed from your router.

CISA issued a bulletin this week for router manufacturers explaining how Volt Typhoon took control of their hardware. CISA and the FBI urged manufacturers to eliminate vulnerabilities exploited by Chinese hacker groups and to “incorporate security into the design, development, and maintenance” of their products. The suggestions in this bulletin include programming routers to automatically download software updates and making it difficult to remotely disable network security.
