The US government launched an operation late last year to fight a Chinese state-sponsored hacking network aimed at disrupting US military communications, Reuters reported.
The operation targets a botnet set up by a group known as Volt Typhoon, which first came to light in May 2023, but which expanded its scope in late 2023 and changed some of its techniques, according to the news wire’s Tuesday report.
It said the Justice Department and the Federal Bureau of Investigation (FBI) sought and received legal authorisation to remotely disable aspects of Volt Typhoon’s botnet.
The botnet operates by taking over internet-connected devices such as security cameras or routers.
Those devices can then be used as a base to launch further attacks, making the malicious traffic appear to be coming from a local source.
The wide spread of Volt Typhoon’s botnet reportedly led to a series of meetings between the White House and private technology companies, including telecoms and cloud firms, who were asked by the US government for assistance in tracking the group’s malicious activity.
The hacking group is believed to be targeting US critical infrastructure including naval ports, internet service providers and utilities.
The botnet has taken over thousands of devices, Reuters said, citing unnamed Western security officials and other sources.
“The Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP and then using that destination to route their intrusions into the real target,” an unnamed former official told Reuters.
“To the IT team at the downstream target it just looks like a normal, native user that’s sitting nearby.”
In a security advisory last May, Microsoft Threat Intelligence said it believed the Volt Typhoon campaign was intended to disrupt critical communications infrastructure between the US and Asia during future crises, such as a conflict with China over Taiwan.
Microsoft said at the time that the group began operations in mid-2021 and has targeted Guam and other locations in the US.
It said targets ranged across the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Last May Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes intelligence network comprising the United States, Canada, New Zealand, Australia and the UK.
The US and China have been locked in an escalating conflict for years over China’s efforts to develop an autonomous technology industry, particularly in the areas of high-end semiconductor production and artificial intelligence.