In recent months, the US government has initiated a robust operation to counter a pervasive Chinese hacking campaign that successfully breached thousands of internet-connected devices, as revealed by two Western security officials and one individual familiar with the matter. The Justice Department and Federal Bureau of Investigation (FBI) have obtained legal authorization to remotely disable components of the Chinese hacking operation, underscoring the Biden administration's heightened focus on cybersecurity concerns, not only in anticipation of potential disruptions to the upcoming US election but also due to the havoc wreaked by ransomware on Corporate America in 2023.
The focal point of the recent hacking activities is the Volt Typhoon group, which has raised alarms among intelligence officials. They assert that Volt Typhoon is part of a larger endeavor to compromise critical Western infrastructure, including naval ports, internet service providers, and utilities. Although the Volt Typhoon campaign came to light in May 2023, it gained momentum last year as the hackers expanded the scope of their operations and modified some of their techniques, according to sources familiar with the matter.
The widespread nature of these cyber intrusions prompted a series of meetings between the White House and private technology industry representatives, including telecommunications and cloud computing companies. During these discussions, the US government sought assistance in tracking and mitigating the malicious activities. Security experts warn that these breaches could grant China the capability to remotely disrupt crucial facilities in the Indo-Pacific region, potentially impacting US military operations. Concerns among US officials also revolve around the possibility of the hackers working to undermine US readiness in the event of a Chinese invasion of Taiwan.
China, which claims Taiwan as its own territory, has escalated military activities near the island, citing perceived "collusion" between Taiwan and the United States. The Justice Department and FBI have refrained from providing comments on the matter, and the Chinese embassy in Washington has not responded to requests for comment.
Volt Typhoon operates by gaining control of vulnerable digital devices worldwide, such as routers, modems, and internet-connected security cameras. By creating a botnet—a network of remotely controlled systems—the hackers obscure downstream attacks into more sensitive targets. This approach limits the visibility of cyber defenders monitoring for foreign footprints in their networks.
A former official familiar with the matter explained the tactic, stating, "The Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP (internet service provider) and then using that destination to route their intrusions into the real target. To the IT team at the downstream target, it just looks like a normal, native user that's sitting nearby."
The use of botnets by both government and criminal hackers to mask cyber operations is not new, and it is often employed when attackers aim to swiftly target numerous victims simultaneously or conceal their origins effectively. As the US government takes decisive steps to counter the Volt Typhoon campaign, the global cybersecurity landscape remains on high alert, navigating the intricate challenges posed by nation-state cyber threats.