China-linked hacking groups infiltrated critical US infrastructure, including the Hawaii Water Company and at least one oil and gas pipeline, US officials say
Chinese hackers are positioning themselves within critical U.S. infrastructure by targeting careless office workers in an attempt to cause “social chaos” from within if war breaks out.
Beijing's military has dug into more than 20 major suppliers in the past year alone, including a water company in Hawaii, a major port on the west coast and at least one oil and gas pipeline, analysts have revealed.
And they have bypassed extensive cybersecurity systems by intercepting passwords and logins not monitored by junior employees, leaving China “sitting on a stockpile of strategic” vulnerabilities.
The project, codenamed Volt Typhoon, coincided with growing tension over Taiwan and could decouple US efforts to protect its interests in the South China Sea.
“It is very clear that Chinese efforts to compromise critical infrastructure are partly to prepare themselves to disrupt or destroy that critical infrastructure in the event of a conflict,” said Brandon Wales of the Cybersecurity and Infrastructure Security Agency the DHS. CISA).
President Joe Biden avoided the topic last month during conversations with Chinese President Xi Jinping at the Apec summit in San Francisco
Analysts believe the Chinese military has changed its strategy from intelligence gathering to infiltration in an effort to sow chaos should war break out.
The Chinese focus on Guam is of particular importance as the US territory is a key military base in the Pacific and would be a key stage for any US response in the event of a conflict in Taiwan or the South China Sea.
“Either to prevent the United States from projecting power into Asia, or to cause social chaos within the United States – to influence our decision-making around a crisis.
“That is a significant change compared to Chinese cyber activity from seven to ten years ago, which was mainly focused on political and economic espionage.”
The hackers often hide their tracks by using unsuspicious devices, such as home or office routers, in an attempt to steal employee login credentials, officials told the WashingtonPost.
Once inside the systems, they can pose as legitimate users through a technique known as 'living off the land'.
“You're trying to build tunnels into your enemies' infrastructure that you can later use to attack,” said China expert Joe McReynolds of the Jamestown Foundation.
'Until then, you continue to lurk, conduct reconnaissance and see if you can enter industrial control systems or more critical companies or targets upstream. And one day, when you receive the order from above, you will switch from reconnaissance to attack.”
The Director of National Intelligence warned in February that China is already “almost certainly capable” of carrying out cyberattacks to take out oil and gas pipelines and rail systems.
“If Beijing feared that a major conflict with the United States was imminent, it would almost certainly consider conducting aggressive cyber operations against the U.S. homeland's critical infrastructure and military assets worldwide,” the annual assessment said.
The Director of National Intelligence warned in February that China is already “almost certainly” capable of carrying out cyberattacks to take out oil and gas pipelines and rail systems.
Chinese military planners plan for a 'network war' targeting infrastructure to play a crucial role in any amphibious invasion of Taiwan
By hiding among authorized users, the hackers can remain virtually invisible to the authorities.
“The two most difficult challenges with these techniques are determining that a compromise has occurred and, once discovered, having confidence that the actor has been taken out,” said Morgan Adamski of the National Security Agency.
But in August, the hackers were spotted trying to penetrate systems of the Public Utility Commission of Texas and the Electric Reliability Council of Texas, which provide power to the state.
But Hawaii is seen as the biggest target given the crucial role it would play for the US if a conflict broke out over Taiwan.
According to Reynolds, Chinese military planners plan for “network warfare” to play a crucial role in amphibious invasions, coordinating air and missile strikes alongside cyber attacks on command networks, critical infrastructure, satellite networks and military logistics.
“These are things that they clearly consider relevant to a Taiwan scenario,” he said, “although they don't explicitly say this is how we're going to take over Taiwan.”
In May, Microsoft revealed Chinese efforts to infiltrate dozens of industries in Guam, the closest U.S. territory to Taiwan.
Brandon Wales of DHS's Cybersecurity and Infrastructure Security Agency (CISA).
Communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education organizations were targeted by Volt Typhoon.
That month, the 'Five Eyes' security alliance between the US, Britain, Canada, Australia and New Zealand offered new advice to companies on how to keep their systems secure.
But new requirements for states to report on cyber threats to their public water systems have been dropped by the Environmental Protection Agency in light of court challenges to federal “overreach.”
Beijing has a long history of cyber warfare with the West and managed to steal critical monitoring data from Canadian gas pipeline operator Telvent after breaching its firewall in 2012.
Hackers from the infamous Unit 61398 were held responsible and in 2014, five members of the unit were indicted for hacking into US companies.
But officials believe the strategy has changed from gathering intelligence to wreaking havoc.
And no company is too small or seemingly insignificant to escape Chinese attention.
CISA's Eric Goldstein told the Post that many targets “are not necessarily those who would have an immediately relevant connection to a critical function on which many Americans depend.”
“Opportunistic targeting based on where they can get access” is a way to gain access to an entire sector.
The NSA has warned that every employee is at risk of letting Chinese spies into their company, and has urged companies to push for mass password resets.
They want to better monitor accounts with high network privileges and warned that authentication that relies on a text message to a user's phone could be intercepted by foreign governments.
And while the Chinese are eager to project their growing military strength, the full extent of their cyber capabilities remains a closely guarded secret.
The Chinese aircraft carrier Liaoning was among the participants in exercises off the coast of Taiwan this summer
China's People's Liberation Army held exercises in Fujian Province in Pingtan County, China's closest point to Taiwan, in April
China's military declared it “ready to fight” this spring after completing three days of large-scale combat exercises around Taiwan, simulating the island's lockdown.
Jonathan Condra, a threat researcher at the security firm that uncovered August's attack on Texas energy companies, said the hackers “did this much more stealthily than if they were trying to get caught.”
President Joe Biden was expected to raise the concerns during his meeting with Chinese President Xi Jinping at the Apec Summit in San Francisco last month, but the topic was avoided.
But analysts have warned that this is a battle the US cannot afford to lose.
“This is a fight for our critical infrastructure,” Adamski said.
“We have to make it harder for them.”