- Hacking groups affiliated with China have targeted critical infrastructure assets in the U.S., including utilities, communications, and transport.
- The attack is seen as part of China’s Volt Typhoon cyber campaign, which the U.S. government has observed for around a year now.
Hackers affiliated with the Chinese People’s Liberation Army (PLA) have allegedly intruded into the computer systems of dozens of critical infrastructure units of the U.S. government. These include water and power utilities, oil and gas pipelines, and transportation and communication entities. It is speculated that this is part of a broader effort by the PLA to hit logistics targets in the context of a U.S.-China conflict in the Pacific region.
China and the U.S. have blamed each other for cyberattacks for years; the latest series of alleged Chinese attacks has been referred to as the Volt Typhoon campaign. Key victims of the campaign include a port on the West Coast, water utility systems in Hawaii, a critical oil and gas pipeline, and a Texas power grid operator.
So far, such intrusions have not caused any disruptions. However, it has been suggested that the attack on systems in Hawaii aims at potential disruptions to the operations of the Pacific fleet. The hackers running the Volt Typhoon campaign have stolen employee credentials via backdoor entries and have used arbitrary home and workplace routers to hide their tracks.
The Volt Typhoon attacks have been active since 2021 and have affected multiple sectors, including manufacturing, education, communications, information technology, utilities, construction, and more.
The U.S. government has been working on mitigation strategies with tech companies and the private sector. These include more stringent monitoring, improvements to authentication methods, and large-scale password resets, among others.
This is far from the first cyberattack that has come from nation-state actors. Active PLA hacking groups have attacked entities in Canada and Guam, among others. The issue highlights the rapidly growing use of cyberattacks in warfare and geopolitics by countries worldwide and the need for governments to set up appropriate international mechanisms to deal with an increasingly precarious situation.