Chinese hackers have infiltrated dozens of US critical infrastructure units, which include water and power utilities, oil and gas pipelines, transportation and communication facilities. This intrusion is believed to be part of China’s effort to target US logistics amid the growing rift in the Pacific region.
For years, China and the US have been exchanging blame for various cyberattacks, the latest of this was the Volt Typhoon Campaign.
This campaign attacked a port on the West Coast, water facilities in Hawaii, a critical oil and gas pipeline, and a Texas power grid operator.
The intrusion failed to cause any disruptions but reports say the attack on Hawaii suggested that China’s People’s Liberation Army was targeting the operations of the Pacific fleet.
The hackers stole employee credentials, which they use to access back door entries and utilized home and workplace routers to cover their tracks.
This so-called Volt Typhoon campaign began in 2021. China’s PLA hackers attacked multiple US sectors, including manufacturing, education, communications, information, technology, utilities, construction, and more.
In response to these threats, the US authorities have recommended strict monitoring and mitigation strategies, as well as, large-scale password resets.
The National Security Agency told the Washington Post that the hackers seem to concentrate on targets in the Indo-Pacific region, especially Hawaii because it is home to the US fleet.
Before this event, the hackers also attempted to infiltrate computer systems in Texas. Most of Texas is on its power grid, separate from what is used in the country.
They were also able to hack around 60,000 emails from the unclassified boxes of 10 State Department employees in September.
The National Security also published a Joint Cybersecurity Advisory alongside authorities from Australia, Canada, New Zealand, and the U.K. — the so-called Five Eyes countries — containing a guide for the tactics, techniques, and procedures employed in the allegedly Chinese state-sponsored attacks.
“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, told the Washington Post.
“That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”
China’s cyberbullying also targeted sectors in Canada and Guam.
Crap it sounds like a declaration of war!