The FBI and CISA recently detailed an operation they conducted to prevent China’s attacks on critical infrastructure in the United States. FBI Director Christopher Wray testified before the House Select Committee on the Chinese Communist Party, revealing that a Chinese government hacking group known as Volt Typhoon had targeted various sectors, including the electric grid, oil and natural gas pipelines, transportation hubs, and water treatment plants.
Wray disclosed that the FBI carried out a court-authorized sting operation against Volt Typhoon, which had gained unauthorized access to “hundreds” of personally owned routers across the country. The hacking group’s primary focus was on civilian infrastructure rather than just political and military targets, indicating that they were planning to inflict damage on critical infrastructure in the event of a conflict.
Collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Alliance, and other federal cyber authorities, the FBI executed the operation to remove Volt Typhoon’s malware from the victims’ routers and prevent re-infection. Wray emphasized that the malware was designed to conduct pre-operational reconnaissance and network exploitation against critical infrastructure, posing a significant threat to the country’s safety and prosperity.
CISA Director Jen Easterly, who also testified before the House select committee, stated that federal agencies had successfully eradicated cyber campaigns linked to China targeting various sectors, including transportation, water, and energy. Additionally, she warned about the potential for a major cyberattack in the event of a Chinese invasion of Taiwan, urging the U.S. to prepare for such a scenario.
The White House had engaged in discussions with technology companies to seek their support in tracking and shutting down Volt Typhoon, as the hacking group had reportedly expanded its operations and changed its techniques following the initial disclosure of its campaign in May. Wray also cautioned the public to be prepared for potential widespread cyber incidents if China were to invade Taiwan, as the hackers were positioning themselves to cause real-world harm to American citizens and communities.
Overall, the operation conducted by the FBI and CISA underscores the ongoing threat posed by Chinese state-sponsored hackers to critical infrastructure in the United States. The collaboration between federal agencies and private sector entities will continue to play a crucial role in defending against and mitigating the impact of such cyber threats.