Suspected cyber assaults believed to originate from China are focusing on American power and water networks - Cribb Cyber Security

Government officials and cybersecurity experts in the U.S. have warned that the Chinese military appears to be trying to infiltrate crucial systems within the country. Reports suggest that hackers linked to China’s People’s Liberation Army have breached the computer networks of roughly twenty-four vital entities in the past year. These infiltrations are believed to be part of a larger strategy aimed at causing disruption, panic, and logistical issues in the event of a conflict between the U.S. and China.

According to sources cited in The Washington Post, the targets allegedly include a water utility in Hawaii, a significant port on the West Coast, and at least one oil and gas pipeline. Additionally, attempts were made to breach the Texas power grid operator. Notably, these attacks extend beyond U.S. borders, with several foreign entities reportedly targeted as well. 

As of now, these breaches have not affected the operational control systems that manage critical functions. However, the targeting of a utility in Hawaii, situated near the U.S. Pacific Fleet, raises concerns, because disrupting such infrastructure during a conflict could impede military deployments and logistical support.

This recent report seems to build upon earlier findings regarding a suspected China-based hacking group known as Volt Typhoon. Microsoft Corp. researchers had previously warned about this group’s activities, suggesting that it intends to disrupt communication networks between the U.S. and Asia during potential crises. Volt Typhoon’s range of targets spans various sectors, including communications, manufacturing, utilities, transportation, construction, maritime industries, government entities, information technology, and education.

The tactics employed by Volt Typhoon emphasize stealth, relying on techniques such as the abuse of Living-off-the-Land Binaries (LOLBins), legitimate tools already present on the compromised system, and hands-on-keyboard activity. Their strategies involve acquiring credentials, staging data for exfiltration, and maintaining control of compromised systems using valid access.

In response to these threats, a Joint Cybersecurity Advisory was issued by the National Security Agency in collaboration with authorities from Australia, Canada, New Zealand, and the U.K. These nations, collectively known as the Five Eyes countries, provided guidance on the tactics, techniques, and procedures associated with the alleged state-sponsored Chinese attacks. 

Brandon Wales, the executive director of the Cybersecurity and Infrastructure Security Agency, highlighted the significance of these attempts by China, noting their shift from past cyber activities primarily focused on political and economic espionage. He emphasized that these efforts now seem aimed at positioning China to disrupt or destroy critical infrastructure, potentially impacting the U.S.’s ability to project power in Asia or causing societal chaos within the country during a crisis.