US says it disrupted a China cyber threat

Washington: U.S. officials said Wednesday they disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure, as the head of the FBI warned that Beijing is positioning itself to disrupt the daily lives of Americans if the United States and China ever go to war.

The operation, announced just before FBI Director Chris Wray addressed House lawmakers, disrupted a botnet of hundreds of U.S.-based small office and home routers owned by private citizens and companies that had been hijacked by the Chinese hackers to cover their tracks as they sowed the malware. Their ultimate targets included water treatment plants, the electrical grid and transportation systems across the United States.

Speaking before the House Select Committee on the Chinese Communist Party, Wray said there’s been far too little public focus on a cyber threat that affects “every American.”

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said.

Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, voiced a similar sentiment at the hearing.

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes — all to ensure that they can incite societal panic and chaos and to deter our ability” to marshal a sufficient response, she said.

The comments align with assessments from outside cybersecurity firms including Microsoft, which said in May that state-backed Chinese hackers had been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.

At least a portion of that operation, attributed to a group of hackers known as Volt Typhoon, has now been disrupted after FBI and Justice Department officials obtained search-and-seizure orders in Houston federal court in December. U.S. officials did not characterize the disruption’s impact, and court documents unsealed Wednesday say the disrupted botnet was just “one form of infrastructure used by Volt Typhoon to obfuscate their activity.” The hackers have infiltrated targets through multiple avenues, including cloud and internet providers, disguising themselves as normal traffic.
