A state-owned cyber theft actor that usually “only” steals information and gathers data in the United States and other places has been tasked by Chinese Communist Party (CCP) leadership with a new role of disrupting and even disabling America’s critical infrastructure. Moreover, the hacker group is in a position to do so right now.
Denying the US Control of Its Own Systems
According to a report issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Volt Typhoon, a threat group based in China, is “consistently targeting highly sensitive critical infrastructure” with what is known as an advanced persistent threat (APT). The latest intel indicates that the cyberattackers behind the APT have been focusing on vital operational technology (OT) networks by moving laterally within compromised U.S. infrastructure networks.
DOD Detects ‘Escalating Incursions’
This assessment is not based on theoretical access, cyber gaming, or what-if scenarios. Rather, it’s a fact that has been confirmed by the Department of Defense (DOD), which is detecting “escalating incursions” into U.S. military base infrastructure, telecom networks, utilities, other key operating systems, and OCSs. Defense analysts have concluded that Beijing has the capability and the intention to launch mass disruptions of our ability to function as a modern society.
US Begins to Interfere With China’s Attacks
Since 2021, Volt Typhoon, also known as Bronze Silhouette or Vanguard Panda, has been engaged in testing and attacking U.S. systems and third-party contractors that work for the federal government and DOD contractors. In May 2023, analysts confirmed Volt Typhoon as a validated threat to critical infrastructure and the operations of military bases and systems. In late January, efforts to remotely interfere with and disrupt Volt Typhoon’s operations were led by the FBI and the U.S. Justice Department cyber teams.

How China’s APTs can move laterally through networks and partner networks is of key importance as to why they pose the threat that they do. Lateral movement by attackers is neither a secret nor unique, but it does pose a high risk. It gives attackers much more access to sensitive data within a network, provides more places to hide, lets them identify the protections within the network so they learn how to avoid detection, and gives attackers unlimited access to other networks elsewhere.
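One defender-side way to make the lateral-movement risk described above concrete is a fan-out heuristic over network logon records: a single account from a single source host authenticating to many distinct hosts in a short window is a pattern lateral movement produces and ordinary workstation use rarely does. The script below is an added example, not code from the article or from CISA; the record format, host names, account names, window size and threshold are all constructed assumptions for illustration.

```python
"""
Added example (not from the article): a small lateral-movement fan-out
heuristic run over constructed network-logon records. It flags any
(account, source host) pair that authenticates to more than
MAX_DISTINCT_TARGETS distinct destination hosts within a sliding WINDOW.
Field layout and sample values are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)       # assumed detection window
MAX_DISTINCT_TARGETS = 3             # assumed fan-out threshold

# Constructed sample records: timestamp, account, source host, destination host.
# jdoe shows normal behaviour; svc_backup shows a burst of logons to many hosts.
SAMPLE_LOGONS = """\
2024-02-01T09:00:05,jdoe,WS-117,FILE-01
2024-02-01T09:01:10,jdoe,WS-117,FILE-01
2024-02-01T13:02:00,svc_backup,WS-042,FILE-01
2024-02-01T13:02:40,svc_backup,WS-042,SCADA-HMI-02
2024-02-01T13:03:15,svc_backup,WS-042,DC-01
2024-02-01T13:04:50,svc_backup,WS-042,HIST-01
2024-02-01T13:05:30,svc_backup,WS-042,ENG-WS-07
2024-02-02T08:00:00,jdoe,WS-117,MAIL-01
"""


def parse_logons(text):
    """Parse CSV-style lines into (timestamp, account, src, dst) tuples sorted by time."""
    records = []
    for line in text.strip().splitlines():
        ts, account, src, dst = line.split(",")
        records.append((datetime.fromisoformat(ts), account, src, dst))
    records.sort(key=lambda r: r[0])
    return records


def find_fanout(records, window=WINDOW, threshold=MAX_DISTINCT_TARGETS):
    """Return {(account, src): sorted distinct targets} for pairs whose distinct
    destination count exceeds `threshold` inside any `window`-long span."""
    by_pair = defaultdict(list)
    for ts, account, src, dst in records:
        by_pair[(account, src)].append((ts, dst))

    flagged = {}
    for pair, events in by_pair.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) > threshold:
                # Accumulate every target seen in a qualifying window for this pair.
                flagged[pair] = sorted(targets | set(flagged.get(pair, ())))
    return flagged


def detect(text=SAMPLE_LOGONS):
    """Run the heuristic over the constructed sample and return the flagged pairs."""
    return find_fanout(parse_logons(text))


if __name__ == "__main__":
    for (account, src), targets in detect().items():
        print(f"{account}@{src} reached {len(targets)} hosts within {WINDOW}: "
              f"{', '.join(targets)}")
```

The window and threshold should be tuned per environment: backup and monitoring service accounts legitimately fan out, so in practice such a rule is paired with an allow-list of expected account-to-host patterns rather than run raw.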
Advanced Persistent (Sleeper) Threats
Just as insidious is the fact that Volt Typhoon APTs have, in many cases, actually been “sleeping” in our most critical infrastructure networks undetected for more than “half a decade.” They’re difficult to detect and have been gradually positioning themselves to gain access to our most sensitive areas of command and control and maximize disruption and damage to those systems. Volt and others use compromised small offices and home offices to route their traffic back to China as part of their stealth mode of operation.
The War Before the War Is Here
Finally, according to CISA, “Volt Typhoon actors conduct extensive pre-exploitation reconnaissance to learn about the target organization and its environment; tailor their tactics, techniques, and procedures (TTPs) to the victim’s environment; and dedicate ongoing resources to maintaining persistence and understanding the target environment over time, even after initial compromise.”

The bottom line?
The DOD has concluded that the Chinese regime is laying the groundwork in cyberspace in preparation for an attack on the United States, Taiwan, or both.