China’s Latest Cyberattack Is an Active Threat to Critical US Infrastructure

China’s latest cyberattack poses an active threat to key US infrastructure and signals a clear shift in tactics: it aims to disrupt civil society for geopolitical and military reasons. Photo illustration: Chinese hackers on a “troll farm”. (Source: vchal, iStock/Getty Images)

Microsoft reported another active threat to US critical infrastructure on Wednesday afternoon. The warning lights have been flashing red for some time, signaling a clear shift in tactics by our adversaries: they intend to disrupt civil society for geopolitical and military reasons.

Volt Typhoon, a hacking group sponsored by the People’s Republic of China, has been secretly targeting various critical infrastructure sectors using compromised network devices, sensors, routers and other Internet-connected devices – the Internet of Things. Through Volt Typhoon, the PRC is attempting to access and develop capabilities that could be used to disrupt communications, trade, and transportation between Asia and the United States.

Microsoft’s alert revealed that since mid-2021, Volt Typhoon has been targeting the communications, manufacturing, utilities, transportation, construction, shipping, government, information technology, and education sectors in Guam and elsewhere in the US We’ve watched Russia cyberespionage over the past decade in various critical infrastructure sectors in preparation for future cyber operations or as part of a larger military campaign such as the invasion of Ukraine.

Although China has engaged in similar cyber espionage behaviors in the past – for example against the US oil and gas sector – the incidents were not taken as an indication of possible attacks. These incidents were likely viewed through the perverse lens of “normative” behavior by nation-states.

How to deal with the People’s Republic of China’s ongoing cyber espionage operations is a key question for national security politicians. Not only are these operations aggressive and potentially dangerous, but they show that the People’s Republic of China deliberately seeks conflict over Taiwan.

The statement from Microsoft’s threat intelligence team points to Beijing’s motivations and its belief that the current US administration will have no impact: “Microsoft takes moderate confidence that this Volt Typhoon campaign seeks capability development.” , which could disrupt critical communications infrastructure between the United States and Asia in future crises.”

There are two key takeaways from Microsoft’s news on Wednesday: 1) Chinese President Xi Jinping has consistently brushed aside diplomacy while actively preparing for a possible conflict with the US, and 2) detection of such attacks remains one crucial gap for the cyber security of critical infrastructures.

Some experts will try to downplay or dismiss the threat from China, emphasizing the “commonness” of cyber espionage and shifting to naming emerging risks like polymorphic malware or AI as potentially more critical threats, but the underlying facts haven’t changed: As technology integration in business, government, industry and everyday life increases, cyber vulnerabilities increase. China remains committed to Xi’s vision of a new world order.

Despite this government’s dramatic increase in cyber bureaucracy, including the release of another national cyber strategy and the establishment of an office of national cyber director, what concrete steps have been taken to reduce our national risk?

More policies and more people are not in themselves a solution. The Department of Homeland Security and other federal stakeholders have been empowered to be proactive in their approach to cybersecurity. However, the model the government has adopted is a clumsy and clumsy approach that keeps them in a constant state of response and recovery – waiting for alerts from the private sector and then managing mitigation messages.

Rather than waiting for the private sector to decide to share information, DHS must look ahead and take meaningful steps to address risk and mitigate cyber threats to our critical infrastructure.

Do you have an opinion about this article? To hear the audio, please email [email protected]. We will then consider posting your edited comments in our regular “We Hear You” feature. Be sure to include the article’s URL or title, as well as your name and city and/or state.