Chinese hacking group ‘active to this day’ despite US efforts to halt activities

Cybersecurity experts report that the Chinese government-linked hacking group, Volt Typhoon, continues its attacks on U.S. critical infrastructure unabated.

LAS VEGAS — Despite clear warnings from the Biden administration to China regarding its hacking campaigns targeting U.S. computer networks, there's been no sign of compliance.

The U.S., generally hesitant about discussing cyberattacks or assigning blame to specific countries for hacks, has recently been vocal in criticizing China. This shift followed the revelation that a Chinese-government-linked hacking group, Volt Typhoon, had infiltrated U.S. networks last year.

U.S. federal entities and businesses linked to critical infrastructure are now urgently working to safeguard essential computer networks—such as those vital to power grids and transportation—from these cyber intrusions.

Cybersecurity professionals in Las Vegas for the two largest hacking conventions of the year acknowledge the uphill battle. Despite efforts to counteract these threats, the impact seems minimal.

“Volt Typhoon is active to this day,” Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, mentioned at the BlackHat conference.

The potential for China to use cyberattacks in scenarios involving Taiwan, the Philippines, or increased U.S. military assistance to Taiwan has the Biden administration concerned.

Over the last twelve months, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the FBI, and similar organizations in allied countries have been more open about the risks posed by this Chinese group, offering security alerts and sharing information about the hackers’ activities.

Microsoft was among the first to publicly identify the group, revealing how Volt Typhoon had penetrated networks in Guam—a strategic U.S. territory—in addition to various organizations in sectors from construction to maritime.

“Generally, there has not been a change in the targeting at all,” DeGrippo explained. Alex Stamos, SentinelOne's chief information security officer, also stated that the administration's efforts haven't deterred China.

Cybersecurity officials continue their aggressive stance against the threat.

“I don’t think we have seen material changes yet, but as I’ve said, what we’ve found to date across multiple sectors is likely just the tip of the iceberg, and there is much we are not seeing,” CISA Director Jen Easterly told reporters at the BlackHat conference Wednesday.

“We are really clear that we are not comfortable with the direction of travel of the Chinese state in cyber,” added Felicity Oswald, CEO of the United Kingdom’s National Cyber Security Centre.

One approach U.S. officials are relying on is shaming or threatening China to curb its cyber activities, a tactic born of necessity given the stealth and persistence of the Volt Typhoon group’s methods.

“This is an access operation. … They are intentionally being very quiet, it is very hard to catch them,” Stamos explained. He emphasized the nuanced and subtle nature of what is considered malicious by these hackers.

“We all know, they know we know, they know we know they know, everybody knows what’s going on,” Stamos further clarified. He highlighted the mutual awareness within the cybersecurity community and the continual preparedness required to counter these threats.

The U.S. boasts advanced capabilities in cyberspace and has executed offensive cyber operations against other nations. These have been mostly covert but include disabling operations like the Stuxnet attack on Iran and interference with Russian disinformation efforts during the 2018 midterm elections.

Chinese authorities have countered by accusing the U.S. of cyberattacks and defamation. Liu Pengyu, spokesperson for the Chinese Embassy, disputed Volt Typhoon’s links to the Chinese government, labeling it a “ransomware cybercriminal group.”

“If China ever decides to put Volt Typhoon’s access to key networks into use, the consequences would be catastrophic,” Stamos cautioned, relating the risk to a potential clash involving Taiwan.

Even as the U.S. pressures China on cybersecurity breaches, companies and federal agencies must remain ever-vigilant. The CrowdStrike incident, despite being an example of an inadvertent outage, serves as a stark reminder of the disruptive power of cyber intrusions. While the error was due to a faulty update and not an attack, it disrupted significant operations, grounding flights and delaying medical care across the United States.

“The Chinese would love to be that successful on day one — of the invasion of Taiwan, of disrupting the ability of the United States to respond to an invasion,” said Stamos, reinforcing the strategic implications of cyber operations in geopolitical conflicts.

Navigating the complex landscape of cybersecurity, especially concerning national security, involves not only defensive measures but also a robust understanding of the geopolitical tensions at play. The U.S. continues to leverage its technological prowess while emphasizing the need for resilience among private and public sectors against sophisticated threats like Volt Typhoon.

As cybersecurity conferences like BlackHat and DEF CON wrap up, the focus remains on enhancing collaborative efforts between government agencies and industry leaders to protect against evolving cyber threats. With both sides well-aware of each other’s capabilities and tactics, maintaining a state of readiness and anticipating adversaries' moves becomes paramount.

In conclusion, while the U.S. and its allies enhance their defenses and openly challenge the cyber threats posed by groups like Volt Typhoon, the outcome of these escalating cyber confrontations remains uncertain. Experts like Stamos and DeGrippo remind us that awareness, preparation, and collaboration are key to securing our digital frontiers against adversaries that are as formidable as they are relentless.


Rohan Mehta for TROIB News