The United States Justice Department disclosed Wednesday that it has disrupted a campaign by Chinese government-sponsored hackers to target U.S. critical infrastructure networks, a campaign that relied on malware installed on "hundreds" of hijacked home and small business routers. The court-authorized operation was carried out last month; officials said the botnet was dismantled by removing the malware from the victim routers and taking steps to prevent the devices from being re-infected.
Specific details about the critical infrastructure networks targeted by the Chinese hacking group, known as ‘Volt Typhoon,’ were not disclosed in the background call with reporters, but in his testimony to Congress on Wednesday, FBI Director Chris Wray warned about China’s efforts to target various sectors including water treatment plants, electrical grids, oil and natural gas pipelines, and transportation systems.
Wray said that the "Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, water sectors." He also described the real-world consequences of attacks on those sectors, warning of disruption to daily life and of the potential to impair the U.S. military's ability to respond during a global crisis.
The FBI-led operation found that most of the compromised routers were end-of-life models from manufacturers such as Cisco and Netgear that no longer receive security updates. The hackers used these devices as relay points, routing their traffic through them so that the attacks appeared to originate from ordinary U.S. home and small business connections. After obtaining a search and seizure order, officials deleted the malware from the routers and altered the devices' firewall rules to block the botnet's control traffic and prevent re-infection.
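The relay behavior described above can be looked for in WAN-side flow telemetry. The following is an added example written for this page, not code from the article, from the FBI operation, or from any router vendor: a small Python detector that flags a router which accepts a session from one external host and, moments later, opens a session of comparable size to a different external host. All flow records are constructed, and the router's WAN address, the record layout, and the thresholds are assumptions.

```python
"""Spot a SOHO router relaying traffic between two external hosts.

Added example for this page, not code from the article, the FBI operation,
or any router vendor. All flow records are constructed; the router WAN
address, the record layout and the thresholds are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

ROUTER_WAN = "203.0.113.10"  # assumed WAN address of the monitored router

# Only RFC 1918 space counts as "inside"; the documentation ranges used for
# the sample peers (192.0.2.0/24, 198.51.100.0/24) are treated as external.
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Flow:
    start: datetime
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: 'ISO-time src sport dst dport bytes'."""
    ts, src, sport, dst, dport, nbytes = line.split()
    return Flow(datetime.fromisoformat(ts), src, int(sport), dst, int(dport), int(nbytes))


def is_lan(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def find_relay_pairs(flows, router_wan=ROUTER_WAN,
                     window=timedelta(seconds=5), min_ratio=0.5):
    """Return (inbound, outbound) pairs where the router accepted a session
    from one external host and, within `window`, opened a session to a
    different external host carrying a comparable byte volume.

    A NAT router normally originates outbound sessions on behalf of LAN
    clients, so outbound traffic alone is not suspicious; it is the
    inbound-then-outbound coupling to unrelated external peers that
    suggests the device is being used as a proxy hop."""
    inbound = [f for f in flows if f.dst == router_wan and not is_lan(f.src)]
    outbound = [f for f in flows if f.src == router_wan and not is_lan(f.dst)]
    pairs = []
    for i in inbound:
        for o in outbound:
            if o.dst == i.src:
                continue  # router answering the same peer: ordinary server traffic
            if not timedelta(0) <= o.start - i.start <= window:
                continue
            lo, hi = sorted((i.nbytes, o.nbytes))
            if hi and lo / hi >= min_ratio:
                pairs.append((i, o))
    return pairs


# Constructed WAN-side flow records (not real telemetry). Only the first two
# lines form a relay pair; the rest are unpaired or outside the window.
SAMPLE_LOG = """\
2024-01-10T12:00:00 198.51.100.7 51234 203.0.113.10 8443 42000
2024-01-10T12:00:01 203.0.113.10 40001 192.0.2.55 443 41800
2024-01-10T12:00:30 203.0.113.10 40002 192.0.2.80 443 5000
2024-01-10T12:05:00 198.51.100.7 51300 203.0.113.10 8443 1200
2024-01-10T12:05:40 203.0.113.10 40003 192.0.2.99 443 1100
"""

SAMPLE_FLOWS = [parse_flow(l) for l in SAMPLE_LOG.splitlines() if l.strip()]


def report(flows=SAMPLE_FLOWS):
    """Human-readable summary of suspected relay sessions."""
    lines = []
    for i, o in find_relay_pairs(flows):
        lines.append(f"{i.start.time()} {i.src}:{i.sport} -> {i.dst}:{i.dport} "
                     f"({i.nbytes} B) relayed to {o.dst}:{o.dport} ({o.nbytes} B)")
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

The heuristic is deliberately simple and will produce false positives when ordinary NATed browsing happens to coincide with an inbound session; in practice the time window and byte ratio need tuning to the link, and a repeated pattern from the same external source is a stronger signal than a single pair. The inbound session itself, an external host connecting to a residential router's WAN address on a non-standard port, is already worth a look on a device that should not be offering any service to the internet.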
The FBI is now notifying the owners of the affected devices and advising them to update, or where no updates exist, replace their routers. That the hackers relayed their attacks through equipment owned by ordinary American citizens and small businesses raised concerns both about protecting critical infrastructure and about the security of consumer-grade connected devices.
The operation against 'Volt Typhoon' underscores the ongoing threat to the U.S. from state-sponsored actors seeking footholds in critical infrastructure, and the potential for widespread disruption if such footholds were ever used.
The disruption, and the cooperation between law enforcement and cybersecurity firms that made it possible, show the value of proactive measures to safeguard critical infrastructure. The case also shows that end-of-life routers in homes and small businesses are part of that infrastructure's attack surface: replacing or updating them is basic cyber hygiene with consequences well beyond the owner's own network.
Preventing harm to American citizens and communities, and to the critical infrastructure they depend on, requires continued collaboration between law enforcement, intelligence agencies, and the private sector. The warnings from the FBI Director and other officials about malware positioned to disrupt critical infrastructure make clear that the gaps this operation exposed need closing, and that advanced persistent threats of this kind call for continuous vigilance and proactive defense.