The United States is struggling to dismantle a pervasive Chinese government-backed hacking group that’s been found digitally spelunking into troves of America’s critical infrastructure, leaving no end in sight as spy agencies and their private sector partners work to stomp it out of U.S. networks.
The Beijing-backed cyber collective, dubbed Volt Typhoon by intelligence officials, was found this week to have embedded into the inner workings of several U.S. internet service providers. The hackers have been crawling across troves of other vital U.S. infrastructure for several years, according to intelligence findings released in February.
“I think it’s a brazen aggressiveness on the part of the Chinese government that continues to escalate, and unfortunately, with all the efforts we’ve undertaken here, collectively, including through the law enforcement side, it just has not had the deterrent effect that we would want to see,” said FBI deputy director Paul Abbate, speaking on a panel at a Wednesday event hosted by the nonprofit Intelligence and National Security Alliance.
The assessment provides a blunt, first-of-its-kind outlook about U.S. efforts to tear down the hackers. Volt Typhoon is said to be burrowing into critical infrastructure with plans to shutter or sabotage the operational technology underpinning their systems in the event the U.S. enters military conflict with China, officials have assessed.
“I think that causes us to have to think hard about what steps need to be taken or actions to stop it,” Abbate said.
The statement brings a dose of reality into U.S. efforts to rein in cyberspies, which included a January takedown operation that took out a cluster of compromised internet equipment used by Volt Typhoon to stage infiltrations into American infrastructure. Other efforts involved direct intervention, when Secretary of State Antony Blinken and State Department Cyberspace and Digital Policy Bureau chief Nate Fick told Beijing officials in April that their Volt Typhoon activity needed to stop.
But China hasn’t been listening. Its National Computer Virus Emergency Response Center in late July published a factually inaccurate paper that claimed Volt Typhoon was a made-up disinformation campaign used to hype up the nature of cyber threats coming out of Beijing.
And, from a technical standpoint, the hackers are now latching onto multiple digital staging grounds to launch their intrusions, making it difficult for U.S. cyber warriors to seek and destroy their infrastructure, officials said in May.
China is unlikely to change its strategy, and is eventually seeking to cause societal panic through the use of its Volt Typhoon operatives, said a senior U.S. intelligence official who spoke on the condition of anonymity to publicly relay an assessment of the hackers. The U.S. could change its strategy and take a more offensive approach against the group, but it would risk crippling a tense but still peaceful relationship with the Chinese government, they said.
“We want to maintain peaceful relations with the PRC, and not have things escalate in a crisis of conflict,” said the official. “The desire to take the Terminator approach — I can understand that at an emotional level — but the challenge there, of course, is the escalation risks are incredibly high.”
The Volt Typhoon hackers have been using “living off the land techniques” that allow them to hide inside systems and bypass detection, U.S. reports say, noting that they have breached American facilities in Guam and other vital infrastructure in U.S. facilities both inside and outside the country. The clandestine activities involve a tradecraft that’s difficult to uncover because of the group’s reliance on stolen administrator credentials that allow them to more easily mask their exploits.
With November’s presidential election on the way, a top cyber official this month said the U.S. hasn’t spotted the hackers inside election infrastructure, though there’s still much that officials aren’t seeing about their activities.
Volt Typhoon first sounded alarms in 2021 when the group was seen by analysts burrowing into infrastructure environments that had no immediate intelligence value, contradicting past Chinese cyberespionage trends.
Read the full article here