The U.S. government has initiated an operation in recent months to struggle against extensive Chinese hacking operation that effectively infiltrated many internet-connected devices, according to two Western security officials and one person familiar with the matter.
Reuters was informed by the sources that the Justice Department and Federal Bureau of Investigation actively pursued and obtained legal authorization to remotely deactivate certain components of the Chinese hacking campaign.
The Biden administration's attention has shifted towards hacking, not solely due to concerns about potential interference by nation states in the November U.S. election, but also because of the significant damage caused by ransomware attacks on Corporate America in 2023.
Intelligence officials are particularly concerned about the hacking group known as Volt Typhoon, as they believe it is part of a broader campaign to undermine critical infrastructure in Western countries. This includes targeting naval ports, internet service providers, and utilities, posing a significant threat.
In May 2023, the Volt Typhoon campaign was initially brought to public attention. However, the hackers behind it expanded their operations and modified their techniques in the latter part of the previous year, as stated by three individuals familiar with the situation.
The extensive scale of these cyber attacks prompted a series of meetings between the White House and various private technology industry representatives, including telecommunications and cloud computing companies. During these meetings, the U.S. government sought assistance in tracking the perpetrators' activities.
According to national security experts, these breaches could potentially provide China with the means to remotely disrupt crucial facilities in the Indo-Pacific region. These facilities, in some capacity, support or serve U.S. military operations. Sources have revealed that U.S. officials are concerned that the hackers may be actively working to undermine U.S. preparedness in the event of a Chinese invasion of Taiwan.
China has escalated its military operations near Taiwan in recent years, citing "collusion" between Taiwan and the United States. The Justice Department and FBI have chosen not to provide any comments on the matter, while the Chinese embassy in Washington has yet to respond to a request for comment.
When the Western nations initially raised concerns about Volt Typhoon in May, Mao Ning, a spokesperson for the Chinese foreign ministry, dismissed the hacking allegations as a "collective disinformation campaign" orchestrated by the Five Eyes countries. The Five Eyes refers to the intelligence sharing alliance comprising the United States, Canada, New Zealand, Australia, and the UK.
According to security researchers, Volt Typhoon operates by seizing control of numerous vulnerable digital devices worldwide, including routers, modems, and internet-connected security cameras. These compromised systems, forming a botnet, are then utilized to launch subsequent attacks on more sensitive targets. This poses a significant challenge for cybersecurity officials as it hampers their ability to detect foreign intrusions in their networks.
According to Reuters.