China Poised for Disruptive Infrastructure Attacks Against US
The Washington Post, in an investigative report led by Ellen Nakashima and Joseph Menn, reveals a disturbing escalation and shift in the cyber efforts of the Chinese military. Their focus is on key components of American infrastructure, including power utilities, water systems, communications networks, and transportation systems. The report details the activities of hackers linked to China’s People’s Liberation Army, who have successfully compromised over "two dozen" critical entities. The entities targeted, as per the Washington Post, include "a water utility in Hawaii, a major West Coast port, and at least one oil and gas pipeline," underscoring the expansive nature of China's cyber campaign. Additionally, sources told the Washington Post that there were attempts to breach the operator of Texas's power grid, highlighting the aggressiveness of the Chinese military's cyber operations.
The selection of targets appears strategic, concentrating on critical infrastructure that, if compromised, could disrupt logistics and create chaos, particularly in a potential U.S.-China conflict in the Pacific. The emphasis on Hawaii, home of the Pacific Fleet, along with key ports and logistics centers, indicates a deliberate effort to impede the U.S. military's ability to operate and project power in the region, particularly in a potential conflict over Taiwan. The report not only outlines the sophisticated targeting of major critical infrastructure but also underscores China's interest in opportunistic attacks, even involving smaller businesses as potential entry points for a broader supply-chain attack.
A primary threat actor identified in these disruptive attacks is the notorious "Volt Typhoon," a group previously reported on by Microsoft in May 2023. The details provided by The Washington Post align closely with Microsoft's findings and those of other sources. While the report doesn't delve into the specifics of Volt Typhoon's tactics, techniques, and procedures (TTPs), it does emphasize the group's focus on obtaining compromised credentials and its proficiency in targeting edge devices such as routers.
Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), articulates the gravity of China's cyber activities, stating, “It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict." Wales emphasizes the observed transition in objectives, noting that China's current goal of causing disruption represents "a significant departure from Chinese cyber activities seven to 10 years ago, which were primarily centered on political and economic espionage." This shift in focus signifies a strategic evolution, underlining the nation's move from information gathering to pre-positioning for the disruption of critical infrastructure, and intensifying the potential impact on both national security and societal stability. As reiterated by The Washington Post, "Today, based on intelligence collection and the fact that the facilities targeted have little intelligence of political or economic value, U.S. officials say it’s clear that the only reason to penetrate them is to be able to conduct disruptive or destructive actions later."