Major US Counter-Hack Disables China Botnet in Critical Infrastructure | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The FBI says it has foiled attempts by a Chinese government-sponsored hacking ring to conceal its preparations for attacks on American critical infrastructure.

The operation, green lit by court order last month, “disrupted a botnet of hundreds of U.S.-based small office/home office (SOHO) routers hijacked by People’s Republic of China (PRC) state-sponsored hackers”, according to a press statement from the agency Wednesday.

The attack was carried out by a state-sponsored, China-based group of hackers known as “Volt Typhoon,” also known as “Bronze Silhouette,” that has been active in the U.S. since at least mid-2021.

Volt Typhoon used SOHO routers that they’d infected with “KV Botnet” malware to mask the origin of China-based hacking activities, which included targeting critical infrastructure, the agency said, without specifying what types of infrastructure were at risk.

An engineer uses his expertise in social media commercial analysis to identify networks of fake users in Bnei Brak, Israel, on January 23, 2019. The U.S. Justice Department reported on January 31, 2024, that in…
An engineer uses his expertise in social media commercial analysis to identify networks of fake users in Bnei Brak, Israel, on January 23, 2019. The U.S. Justice Department reported on January 31, 2024, that in December it had disrupted a botnet comprising hundreds of U.S. routers taken over by Chinese state-sponsored hackers.

Jack Guez/AFP via Getty Images

A botnet is a network of computers covertly infected with malware that allows them to function as a group and act on commands without the knowledge of their owners.

The hackers took advantage of a cybersecurity opening to set up the botnet, according to the statement. The majority of the targeted routers were aging Cisco and NetGear devices made more vulnerable since they were longer being updated by security patches from their manufacturers.

After removing the botnet-installed malware from these routers, the FBI then cut off communication between them and the devices being used to direct the botnet’s activities.

Newsweek has reached out to the FBI and Chinese embassy in Washington, D.C., with written requests for comment.

“The United States will continue to dismantle malicious cyber operations—including those sponsored by foreign governments—that undermine the security of the American people,” the statement quoted U.S. Attorney General Merrick Garland as saying.

“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure—our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems—and the risk that poses to every American requires our attention now,” FBI Director Christopher Wray said at a hearing of House of Representatives’ Select Committee on Strategic Competition between the United States and the Chinese Communist Party on Wednesday.

Wray warned that hackers are laying the groundwork for China to “wreak havoc” on American infrastructure “when the time has come to strike,” giving it a leg up in any future conflict.

In the meantime, these actors are “actively attacking our economic security—engaging in wholesale theft of our innovation and our personal and corporate data” on a daily basis, he said.

In October, the intelligence chiefs of the Five Eyes intelligence alliance—the US., U.K., Canada, Australia, and New Zealand—warned of the threat posed by China’s use of cutting-edge technology to carry out hacking and intellectual property theft on a grand scale.

Chinese leader Xi Jinping previously called on his country to become a “cyber superpower.”

Wray urged the committee members to invest in the FBI’s cyber capacity.

“Let me quantify what we’re up against: The PRC has a bigger hacking program than every other major nation combined,” he said. “In fact, if each one of the FBI’s cyber agents and intelligence analysts focused exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.”

In his remarks in the hearing, Select Committee Chairman Mike Gallagher (R-WI) compared China’s targeting of cyber infrastructure to placing bombs on bridges.

“We need to step up and defend our critical infrastructure” in cyberspace, he said.