• 09/23/2024

US says it dismantled China-backed hacker network that targeted American infrastructure

Hong Kong Free Press

US authorities said Wednesday they had dismantled a network of hackers known as Volt Typhoon, which was targeting key American public sector infrastructure like water treatment plants and transportation systems at the behest of China.

FBI Director Christopher Wray explained the operation in testimony before a congressional committee on US-China competition, and the Justice Department offered more details in a statement.

In May 2023, the United States and its allies had accused Volt Typhoon, described as a “state-sponsored hacking group” backed by China, of infiltrating critical US infrastructure networks — claims rejected by Beijing.

“Just this morning, we announced an operation where we and our partners identified hundreds of routers that had been taken over by the PRC state-sponsored hacking group known as Volt Typhoon,” Wray told lawmakers, referring to China by its official acronym.

“The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation and water sectors.”

Christopher Wray, Director, Federal Bureau of Investigation, USA, speaks in Ransomware: To Pay or Not to Pay at the World Economic Forum Annual Meeting 2023 in Davos-Klosters, Switzerland on January 19 2023. Congress Center - Photo: Michael Calabro/World Economic Forum, via Flickr CC2.0.

Wray accused the hackers of readying to “wreak havoc and cause real-world harm to American citizens and communities.”

“If and when China decides the time has come to strike, they’re not focused just on political or military targets,” he added. “Low blows against civilians are part of China’s plan.”

Assistant Attorney General Matthew Olsen, who works in the Justice Department’s national security division, said access to US infrastructure sought by Volt Typhoon was something China “would be able to leverage during a future crisis.”

The US operation to disrupt the hackers was authorized by a federal court in Texas, the Justice Department said in its statement.

US Assistant Attorney General Matthew Olsen. File photo: Erin Scott/CNAS, via Flickr CC2.0.

By taking control of hundreds of routers, which were vulnerable as they were no longer supported by their maker’s security patches or software updates, the hackers sought to disguise the origin of future China-based hacking activities, it said.

The operation succeeded in wiping the malware from the routers, without impacting their legitimate functions or collecting any information, it added, while saying there was no guarantee the routers could not be reinfected.

Asked about the allegations on Thursday, Beijing said the US had “made groundless accusations and smeared China without any evidence”.

“This is extremely irresponsible and purely confuses right and wrong,” foreign ministry spokesperson Wang Wenbin said.

“The US is the origin of and the expert on cyber attacks,” he told a regular press briefing.

https://hongkongfp.com/2024/02/01/us-says-it-dismantled-china-backed-hacker-network-that-targeted-american-infrastructure/