The Attacks On American Infrastructure By Chinese Hackers Are Not Going Away

Cybersecurity experts say the threat to US infrastructure from a group of Chinese hackers remains as high as ever, despite the federal government’s effort to call attention to the group and thwart its activities, Axios reported.

Last May, the Five Eyes intelligence alliance (US, UK, Australia, Canada, and New Zealand), reported that the Chinese state-sponsored hacking group Volt Typhoon had hacked critical US infrastructure, including in the US territory of Guam. In some cases, the hacker group was able to maintain stealthy access to these networks for five years or more.

The Washington Post reported last year that cybersecurity officials found evidence that Volt Typhoon hackers were targeting shipping ports, electric grid operators, and water systems.

According to cybersecurity experts, unlike most state-sponsored hackers, the Volt Typhoon group has not let its exposure stop it from targeting US infrastructure.

Former acting National Cyber Director Kemba Walden said at a San Francisco conference last week that she was “alarmed” at what Volt Typhoon and other state-sponsored Chinese hackers were capable of doing.

CISA Director Jen Easterly told Politico in March that even after congressional hearings, official advisories, and botnet takedowns disrupting their operations, Chinese hacking groups like Volt Typhoon have not changed their behavior.

What makes the threat from Volt Typhoon unique is not that its tactics are especially sophisticated, but that the group is so persistent and exploits most infrastructure operators’ lack of resources.

Ben Read, Mandiant’s director of cyber espionage analysis, told Axios that the tactics used by Volt Typhoon would be easy for any skilled hacker, and combating them would require a level of coordination between infrastructure operators in the US to clamp down on cyber threats. However, such coordination is currently nonexistent.

For the US water system alone, there are at least 150,000 individual systems. Each system operator would need to prioritize CISA advice such as password resets and software updates. A similarly fragmented setup exists in most of the country’s 16 infrastructure sectors.

To address the lack of coordination, CISA recommends that infrastructure operators maintain and regularly review their network activity logs, implement multifactor authentication, and install automatic threat detection tools.

Copyright 2024,