Chinese hackers target US infrastructure with unprecedented persistence

Apr 15

Recent warnings from the National Security Agency (NSA) highlight an ongoing cyber threat posed by the persistence of Chinese hackers. In a cybersecurity advisory issued with other federal agencies, the NSA singled out a Beijing-backed hacker network known as “Volt Typhoon” for targeting and infiltrating American critical infrastructure.

“The [advisory] focuses on PRC-sponsored cyber actor, Volt Typhoon, targeting IT networks of communications, energy, transportation, water, and wastewater organizations in the U.S. and its territories,” the NSA said in a statement. “The authoring agencies recognize the reality that the PRC has already compromised these systems. In some cases, the cyber actors have been living inside IT networks for years to pre-position for disruptive or destructive cyberattacks against operational technology in the event of a major crisis or conflict with the United States.”

Chinese hacking groups like Volt Typhoon actively targeted vital sectors of U.S. infrastructure, including electric grid operators, water systems and shipping ports. The groups’ tactics involve gaining and maintaining access to these networks for long periods. Some instances of continuous access lasted up to five years. This prolonged presence provides the hackers with the capability to execute potentially devastating cyberattacks at their discretion. These attacks also threaten the stability and functionality of resources relied upon by everyday Americans.

“If and when China decides the time has come to strike, they’re not focused just on political and military targets,” FBI Director Christopher Wray said. “We can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of a conflict, low blows against civilians are part of China’s plan.”

Despite the gravity of their activities, Volt Typhoon’s methods do not always use cutting-edge technology. Rather, the group relies on persistent hacking attempts, exploiting vulnerabilities that may be accessible to relatively skilled hackers, not just experts.

The vulnerability of U.S. infrastructure cybersecurity is made worse by its fragmented and decentralized nature.

Several entities and individuals are responsible for operating different components of critical infrastructure. Therefore, coordination efforts to combat cyber threats are often insufficient. This fragmentation is particularly evident in sectors such as the water system, where 150,000 individual, independently managed operations make up the system. This is a trend found across all 16 critical infrastructure sectors in the country.

In response to these ongoing threats, federal agencies are urging infrastructure operators to bolster their cybersecurity defenses. Recommendations include implementing multi-factor authentication and conducting regular reviews of network activity logs to detect and prevent unauthorized access.

[JACK AYLMER]

CHINESE HACKERS ARE GOING AFTER AMERICAN PROPERTY.

AND THEY’RE SHOWING NO SIGNS OF STOPPING OR SLOWING DOWN.

THE NATIONAL SECURITY AGENCY HAS SPECIFICALLY WARNED ABOUT A CHINESE HACKING GROUP CALLED VOLT TYPHOON.

THEY’VE BEEN TARGETING U.S. INFRASTRUCTURE, LIKE ELECTRIC GRID OPERATORS, WATER SYSTEMS AND SHIPPING PORTS.

IN SOME CASES, THE HACKERS CAN GET IN AND MAINTAIN ACCESS TO THE NETWORKS FOR AT LEAST FIVE YEARS.

LYING DORMANT UNTIL THEY’RE READY TO STRIKE.

[CHRISTOPHER WRAY]

China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real world harm to American citizens and communities.

[JACK AYLMER]

THIS GIVES VOLT TYPHOON THE ABILITY TO CONDUCT POTENTIALLY DESTRUCTIVE CYBERATTACKS AT WILL.

CRIPPLING THE SERVICES EVERYDAY AMERICANS RELY ON AT A MOMENT’S NOTICE.

[CHRISTOPHER WRAY]

If and when China decides the time has come to strike, they’re not focused just on political and military targets, we can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of a conflict, low blows against civilians are part of China’s plan. -Christopher Wray, FBI Director

[JACK AYLMER]

CHINA ISN’T UTILIZING INCREDIBLY SOPHISTICATED TECHNOLOGY TO DO THIS EITHER.

MANY OF THE TACTICS USED ARE ACTUALLY PRETTY STANDARD FOR A RELATIVELY SKILLED HACKER.

THEY’RE JUST SO PERSISTENT WITH THEIR HACKING ATTEMPTS, THAT EVENTUALLY GROUPS LIKE VOLT TYPHOON ARE ABLE TO GET IN.

THE VULNERABLE STATE OF U.S. INFRASTRUCTURE CYBERSECURITY MAKES THIS PROBLEM EVEN BIGGER.

THE LEVEL OF COORDINATION NEEDED TO COMBAT THESE ATTACKS JUST DOESN’T EXIST.

TAKE THE U.S. WATER SYSTEM FOR EXAMPLE.

IT HAS AT LEAST 150,000 INDIVIDUAL OPERATIONS, EACH RUN BY DIFFERENT ENTITIES AND INDIVIDUALS.

THAT LEVEL OF FRAGMENTATION EXISTS THROUGHOUT ALL 16 CRITICAL INFRASTRUCTURE SECTORS IN THE COUNTRY.

FEDERAL AGENCIES ARE NOW ADVISING OPERATORS ON BEST PRACTICES TO PREVENT THESE CYBERSECURITY BREACHES IN THE FUTURE.

THEY SAY THAT IMPLEMENTING MULTI-FACTOR AUTHENTICATION AND REGULARLY REVIEWING NETWORK ACTIVITY LOGS CAN HELP STOP PERSISTENT CHINESE HACKERS FROM GETTING THROUGH.