Potential sabotage capabilities of Chinese-backed hackers are alarming


(MENAFN) Among the many cyber threats facing the world today, few are as alarming as the potential sabotage capabilities of Chinese-backed hackers, which top U.S. national security officials have referred to as a "major threat." These government-backed hackers have reportedly infiltrated critical U.S. infrastructure, such as water, energy, and transportation networks, often lingering for years. The intention, according to U.S. officials, is to lay the groundwork for devastating cyberattacks in the event of a future conflict, particularly with China over Taiwan.

FBI Director Christopher Wray highlighted the gravity of the situation, warning that Chinese hackers are already embedded in U.S. infrastructure, preparing to cause disruption and harm to American citizens if China decides to strike. In response, the U.S. government has taken action against hacker groups such as "Typhoon" and revealed further details on the threats posed by these groups. In January 2024, the U.S. disabled the "Volt Typhoon" group, a Chinese-backed hacking unit tasked with setting up the groundwork for massive cyberattacks. By September 2024, federal authorities had gained control of a botnet operated by another Chinese group called "Flex Typhoon," which had used a Beijing-based cybersecurity company to conceal the hackers' activities.

In December, the U.S. imposed sanctions on a Chinese cybersecurity firm accused of being involved in multiple hacking incidents against American victims. Since then, a new hacker group called "Salt Typhoon" emerged, infiltrating major U.S. telecom and internet companies to gather intelligence and monitor American communications. Another group, previously known as "Hafnium" and now referred to as "Silk Typhoon," returned in December 2024, targeting the U.S. Treasury.

Here’s a closer look at the Chinese hacking groups preparing for potential conflict:

Volt Typhoon: Volt Typhoon is a new breed of Chinese-backed hackers. Unlike traditional groups that primarily focus on stealing sensitive information, Volt Typhoon has shifted its focus to disrupting the U.S. military's mobilization capabilities. Discovered by Microsoft in May 2023, Volt Typhoon has been targeting network equipment like routers, firewalls, and VPNs since at least 2021. These efforts aim to deeply penetrate critical U.S. infrastructure, potentially lasting for up to five years.

Volt Typhoon's tactics involve compromising internet-connected devices, particularly those no longer receiving security updates. This group has expanded its reach across various sectors, including aviation, energy, and transportation, to set the stage for future destructive cyberattacks that could hinder U.S. responses in the event of a Taiwan-related conflict. John Hultquist, principal analyst at cybersecurity firm Mandiant, remarked that Volt Typhoon isn't merely gathering intelligence but studying critical infrastructure to disrupt major services when ordered to do so.
