Chinese hacking group Volt Typhoon has infested systems used to manage US infrastructure and is now waiting for the opportune moment to strike, FBI Director Christopher Wray has said.
The systems affected are used to control water, energy, and telecommunications among other sectors, with previous attacks linked to Chinese hacker groups possibly being practice attacks in order to create a playbook for an attack on a larger scale.
China has already begun its campaign of election interference and voter influence, and cyber attacks could contribute to China’s overall goal of inducing panic and destabilizing the US.
Chinese government claims no involvement
The Chinese Ministry of Foreign Affairs has said that it bears no relationship with the Volt Typhoon group, and has officially deemed it a criminal ransomware group, but evidence from threat research organizations at Microsoft and Google have found links between the group and the Chinese state.
Speaking at the Vanderbilt Summit on Modern Conflict and Emerging threats, Wray said that the group was working on behalf of China to build up its “ability to physically wreak havoc on our critical infrastructure at a time of its choosing,” and that the group was waiting “for just the right moment to deal a devastating blow.”
Following the election of pro-independence candidate president Lai Ching-te in the Taiwan elections, China has stepped up its posturing and rhetoric for reunification, with Wray stating that China intends to use its ability to attack critical US infrastructure as a deterrence against US defense of Taiwan.
It’s not just US critical infrastructure under threat, as multiple government agencies have recently had emails breached and stolen by Russian hackers abusing a vulnerability in Microsoft’s corporate email accounts.
APT29, also tracked as Midnight Blizzard, has strong links to Russia’s Foreign Intelligence Service and used a sequence of critical Microsoft vulnerabilities in order to breach the agencies, who have not been named nor the extent of the damage disclosed.
Via Reuters