Chinese Volt Typhoon Hack Threatens US Infrastructure, FBI Says
The Volt Typhoon hack, a sophisticated cyberattack attributed to Chinese government-backed hackers, has infiltrated US infrastructure, including the energy, water, and transportation sectors.
Such a breach could lead to widespread disruptions in these vital industries, exacerbating geopolitical tensions, particularly in relation to Taiwan.
US intelligence agencies have sounded the alarm over Chinese government-backed hackers infiltrating the nation’s critical infrastructure.
Recently, officials warned about Volt Typhoon malware, revealing that the Chinese-backed groups are embedding themselves deeply within American systems. These groups are not just accessing sensitive information but also preparing to disrupt key infrastructure, such as energy and communications, in case of a crisis.
The Volt Typhoon cyber operations are growing into sophisticated, state-sponsored attacks that pose significant threats to national security and infrastructure stability.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” according to FBI Director Christopher Wray.
The current campaign involves three major Chinese hacking groups: Volt Typhoon, Flax Typhoon, and the recently discovered Salt Typhoon, all three known to work together toward one common goal of creating chaos in the U.S. in case of conflict.
Using Outdated Devices to Infiltrate
One of the most concerning groups is Volt Typhoon, which Microsoft discovered in 2023 and which has been active since 2021. The group focuses on network devices, such as routers and firewalls.
The hackers behind the Volt Typhoon attack have exploited a range of internet-connected devices that no longer receive security updates to gain unauthorized access to systems in various industries.
Research by Microsoft suggests that the critical sectors, particularly aviation and energy, have been compromised by the group’s actors, with hackers establishing a foothold for future attacks.
In January, the US government successfully disrupted a botnet created by the Chinese Volt Typhoon, which consisted of thousands of compromised home and office routers.
Flax Typhoon Bypassing Systems with Mirai
In August 2023, another China-backed group, Flax Typhoon, was exposed. Operating as a company, it built its own botnet using a variant of the well-known Mirai malware, disguising its attacks as regular internet traffic to get past critical systems.
While Flax Typhoon focused most of its hacking operations on organizations in Taiwan, the U.S. was also among its targets. The group’s botnet also served as an access point into US networks for other hackers from China, posing a serious threat to the country’s national security.
Salt Typhoon Targeting Wiretap Systems
The most recent group, Salt Typhoon, emerged in October 2023. According to a report by WSJ, this group has used the wiretap systems of major US telecom and internet providers, including AT&T and Verizon. Such wiretap systems are usually used to collect data for investigations, which means hackers who have access could uncover sensitive information.
Investigations are still under way to figure out when the breach happened, but WSJ reports that the hackers may have held access to the internet providers’ wiretap systems “for months or longer.”