Hackers in communist China maintained persistent access to U.S. and allied systems for multiple years, a Biden administration official has said.
The cyber campaign appears to be part of a wider effort by the Chinese Communist Party (CCP) to prepare attacks on critical infrastructure, according to Israel Soong, director for East Asia and Pacific cyber policy at the National Security Council.
In the event of a conflict, China intended to use its cyber access to “cripple” critical systems, including power grids and communications platforms, Mr. Soong said during a July 16 speech at the Hudson Institute, a conservative think tank.
Intelligence leaders told Congress in February that the intrusion was detected in December 2023 and malware was removed from 600 government systems; however, the threat persisted in many infrastructure systems that are run by private companies.
Mr. Soong said many didn’t know that similar efforts had targeted numerous nations around the globe.
“What is public but is less well known is that the PRC has been doing the same propositioning to many other countries around the globe, including some who are our allies,” Mr. Soong said, using the acronym for the People’s Republic of China.
The Chinese regime could “persistently and aggressively maintain this cyber access for years on end,” he said.
The CCP invested heavily in cyber capabilities because it had developed a national strategy to “actively and intentionally dominate these areas in a strategic way,” Mr. Soong said.
“Beijing sees cyber and emerging technology as critical to the strategy to reshape the United States-led international order to be more favorable to the priorities of the Chinese Communist Party,” he said.
While CCP efforts to prepare for the sabotage of critical infrastructure are alarming, they are unlikely to be leveraged absent a major conflict between China and the United States, Mr. Soong said. That’s because an attack on U.S. infrastructure that results in American casualties would be considered an outright attack, he said.
That campaign, dubbed COATHANGER, allowed China-based hackers to achieve “permanent access” to vital systems, according to a Dutch statement. Moreover, Dutch intelligence last month confirmed that “it is likely that the state actor still has access to systems of a significant number of victims at the moment.”
Thus, the hackers continue to maintain their illicit access to key government agencies in the West.
It’s currently unclear if COATHANGER was designed purely for espionage purposes or as part of the broader CCP effort to prepare critical systems in foreign nations for sabotage.
U.S. and allied governments have faced difficulties effectively countering the Chinese regime’s massive cybercrime apparatus, partly because they have a much smaller pool of cybersecurity professionals to draw on.
FBI Director Christopher Wray testified in April that the CCP was “sparing no expense in its attempt to hack, lie, cheat, and steal its way to the top as a global superpower.”