US officials have started briefing members of Congress on a Chinese cyber campaign that has been infecting US networks with malware for over a year. This campaign represents a significant departure from traditional Chinese cyber espionage because the malware is designed not just for data collection but for disruption as well.
The campaign, named “Volt Typhoon,” was first detected in Guam and publicly disclosed by Microsoft in May. Observers described it as battlespace preparation. The intelligence services of the Five Eyes, the cooperative alliance of Australia, Canada, New Zealand, the United Kingdom, and the United States, issued a joint advisory on Volt Typhoon, underscoring the seriousness and scope of the threat.
According to unnamed Administration officials cited by The New York Times, the US is actively hunting for the Chinese malware that has been surreptitiously embedded in American systems. The investigation has revealed that the campaign is more extensive than initially thought, reaching telecommunications systems worldwide. The malware’s concentration near US military installations has been read as preparation to slow or disrupt a US response to a potential Chinese invasion of Taiwan. There is disagreement within the Administration about its intended purpose, however, with some officials believing it is narrowly aimed at undermining US military operations and others suspecting a broader intent to disrupt US society.
The Biden administration, through the National Security Council, has emphasized its commitment to protecting critical infrastructure from cyber disruptions. In a statement quoted by The New York Times, the NSC said it is coordinating interagency efforts to safeguard critical systems such as water, pipelines, rail, and aviation.
China has predictably denied any involvement in cyber activity against US targets. The Chinese embassy in Washington issued a statement asserting that China firmly opposes and cracks down on all cyberattacks in accordance with the law. The embassy spokesperson also accused the US of hacking and defamation, suggesting that most cyberattacks targeting China originate from the US.
Industry reaction to the threat this campaign poses to critical infrastructure has been measured. The Five Eyes advisory detailed Volt Typhoon’s use of “living off the land” techniques: rather than deploying custom tooling that defenders could signature, the operators use built-in Windows administration utilities and ordinary-looking network activity, so their actions blend in with routine system and network behaviour and evade detection. Joe Saunders, CEO of RunSafe Security, emphasized the need to focus on memory protection in software to prevent similar threats in the future.
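The practical consequence of living-off-the-land tradecraft is that detection cannot key on the binary alone: netsh.exe, wmic.exe, ntdsutil.exe and cmd.exe are legitimate and run constantly on any Windows estate. The signal lives in the arguments and the context. The following is an added illustration written for this page, not code from the advisory, Microsoft, or any vendor quoted above. It runs a small set of argument-based rules over constructed process-creation events (Sysmon Event ID 1 style, simplified to a few fields). The rule patterns (port-proxy setup via netsh, an ntdsutil IFM dump of the domain database, remote process creation via wmic, and chained reconnaissance under cmd /c) are illustrative examples of the kind of built-in-tool abuse such campaigns rely on; the exact patterns, hosts, users and paths are assumptions invented for the example.

```python
"""Toy detection pass for 'living off the land' process activity.

Added example for illustration only: the events are constructed, and the
rules are assumed patterns, not the Five Eyes advisory's detection content.
"""
import re
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Rule:
    name: str
    image: str     # regex matched against the process image basename
    cmdline: str   # regex matched against the full command line


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    user: str
    cmdline: str


# Rules deliberately key on arguments, because the binaries themselves are
# legitimate Windows tools and will appear all day in benign telemetry.
RULES = [
    # netsh used to set up a port proxy (traffic relaying through the host)
    Rule("netsh_portproxy_add", r"^netsh\.exe$",
         r"\binterface\b.*\bportproxy\b.*\badd\b"),
    # ntdsutil creating an IFM media set, i.e. a copy of the AD database
    Rule("ntdsutil_ifm_dump", r"^ntdsutil\.exe$",
         r"\bifm\b.*\bcreate\b"),
    # wmic spawning a process on a remote node
    Rule("wmic_remote_process", r"^wmic\.exe$",
         r"/node:\S+.*\bprocess\b.*\bcall\b.*\bcreate\b"),
    # cmd /c chaining classic host/domain reconnaissance commands
    Rule("cmd_recon_chain", r"^cmd\.exe$",
         r"/c\b.*(net\s+(user|group|localgroup)|whoami|systeminfo|tasklist)"),
]

# Constructed sample events (invented hosts, users and commands).
SAMPLE_EVENTS = [
    {"host": "web01", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenport=9999 "
                "connectaddress=10.0.0.5 connectport=8443"},
    {"host": "ws22", "user": r"CORP\jdoe",
     "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall show allprofiles"},           # benign
    {"host": "dc01", "user": r"CORP\svc_backup",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": r'ntdsutil.exe "ac i ntds" "ifm" "create full C:\Windows\Temp\ifm" q q'},
    {"host": "web01", "user": r"NT AUTHORITY\SYSTEM",
     "image": r"C:\Windows\System32\wbem\wmic.exe",
     "cmdline": 'wmic /node:10.0.0.7 process call create "cmd.exe /c tasklist"'},
    {"host": "ws22", "user": r"CORP\jdoe",
     "image": r"C:\Windows\System32\wbem\wmic.exe",
     "cmdline": "wmic computersystem get name"},                  # benign
    {"host": "fs03", "user": r"CORP\svc_backup",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami && net user && systeminfo"},
    {"host": "fs03", "user": r"CORP\jdoe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c dir C:\Users"},                      # benign
]


def _basename(path: str) -> str:
    """Return the file name component of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def detect(events: Iterable[dict]) -> list[Finding]:
    """Return one Finding per (event, rule) pair where image and cmdline both match."""
    findings: list[Finding] = []
    for ev in events:
        name = _basename(ev["image"])
        for rule in RULES:
            if (re.search(rule.image, name, re.I)
                    and re.search(rule.cmdline, ev["cmdline"], re.I)):
                findings.append(Finding(rule.name, ev["host"], ev["user"], ev["cmdline"]))
    return findings


def rules_fired(findings: Iterable[Finding]) -> list[str]:
    """Sorted, de-duplicated rule names, useful for a quick triage summary."""
    return sorted({f.rule for f in findings})


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host} {f.user}: {f.cmdline}")
```

Only four of the seven constructed events fire, and each benign event uses the very same binary as a flagged one. That is the point: a hit is a triage lead, not a verdict, since administrators legitimately run every one of these tools. In practice the rules would be joined with context the simplified events omit (parent process, whether the account normally touches that host, whether a port proxy ever exists on that system) before anything is escalated.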
The revelation of a Chinese cyber campaign targeting US networks with disruptive malware has brought a new level of concern to the cybersecurity landscape. The ongoing efforts by US officials to uncover and eradicate the malware highlight the seriousness of the threat. As tensions between China and the US escalate, it is crucial for both countries to prioritize cybersecurity measures to protect critical infrastructure and prevent potential disruptions to national security.

