Here’s How the FBI Stopped a Major Chinese Hacking Campaign | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

FBI and CISA Detail Operation to Prevent Chinese Attacks on Critical Infrastructure

FBI Director Chris Wray testifies before a House panel on Wednesday, Jan. 31 2024. (Image: U.S. Congress)

Federal authorities shut down attempts by a Chinese government hacking group to attack U.S. critical infrastructure through a malware campaign that gained unauthorized access to “hundreds” of personally-owned routers, FBI Director Chris Wray testified Wednesday.

See Also: OnDemand Panel | Securing Operational Excellence: Thwarting CISOs 5 Top Security Concerns

The FBI conducted a court-authorized sting operation against the Chinese hacking group known as Volt Typhoon, which Wray said targeted the U.S. electric grid, oil and natural gas pipelines, major transportation hubs and water treatment plants across the country (see: FBI and DOJ Disrupt Chinese Hacking Operation).

“They’re not focused just on political and military targets,” Wray told the House Select Committee on the Chinese Communist Party. “We can see from where they position themselves across civilian infrastructure that low blows aren’t just a possibility in the event of conflict: Low blows against civilians are part of China’s plan.”

Wray said the FBI carried out the operation alongside the Cybersecurity and Infrastructure Security Agency, the National Security Alliance and other federal cyber authorities. CISA issued a cybersecurity advisory about Volt Typhoon in May 2023 warning that the hacking group was conducting operations that affect “networks across U.S. critical infrastructure sectors” (see: Chinese State Hacker ‘Volt Typhoon’ Targets Guam and US).

After gaining court authorization, Wray said U.S. officials dismantled Volt Typhoon’s malware from “hundreds” of victims routers in homes and small businesses nationwide, then took steps to ensure the routers could not be reinfected with malicious software.

“The Volt Typhoon malware enabled China to hide, among other things, pre-operational, reconnaissance and network exploitation against critical infrastructure, like our communications, energy, transportation [and] water sectors,” Wray said. “Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous.”

Volt Typhoon’s primary tactics involve using built-in network administration tools to evade endpoint detection while carrying out its operations, a technique known as “living off the land.” CISA Director Jen Easterly, who also testified to the House select committee Wednesday, said federal agencies “found and eradicated” Chinese-linked cyber campaigns targeting a wide variety of sectors, including transportation, water and energy.

“They’ve elevated their ability to act like a system administrator so you really can’t tell that it’s a Chinese actor,” Easterly told lawmakers about hackers linked to Beijing, adding that the U.S. must prepare for a major cyberattack in the event of a Chinese invasion of Taiwan.

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities [and] the crippling of our transportation modes,” Easterly said, “all to ensure [China] can incite societal panic and chaos, and deter our ability to marshall military might and civilian will.”

The White House held meetings in recent months with technology companies to request support in its efforts to track and shut down Volt Typhoon, according to a Reuters report published Monday. The news agency cited anonymous sources that said the hacking group expanded its operations and changed its techniques after its campaign first came to light in May.

Wray also warned that the U.S. public should be prepared for possible widespread cyber incidents if China were to invade Taiwan.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” the FBI director said.


Click Here For The Original Story From This Source.

National Cyber Security