Chinese Hacking Campaign Aimed at Critical Infrastructure Goes Back 5 Years

February 8, 2024

An advanced group of Chinese hackers taking aim at U.S. critical infrastructure has been active for as long as half a decade, American and allied intelligence agencies said in a joint statement on Wednesday.

The U.S. National Security Agency, U.S. cyber watchdog CISA, the FBI, and the Transportation Security Administration said that the group known as “Volt Typhoon” had quietly burrowed into the networks of aviation, rail, mass transit, highway, maritime, pipeline, water and sewage organizations.

None of the organizations were identified by name, but the statement said that American intelligence officials have observed the hackers “maintaining access and footholds within some victim IT environments for at least five years.”

The statement, which was co-signed by Britain, Australia, Canada and New Zealand’s respective cybersecurity agencies, is the latest in a series of warnings from U.S. officials about Volt Typhoon, a group that has drawn particular alarm because it appears geared toward sabotage rather than espionage.

The widespread nature of the hacks has led to a series of meetings between the White House and the private technology industry, including several telecommunications and cloud computing companies, in which the U.S. government asked for assistance in tracking the activity.

Last week, Reuters reported that the U.S. government had launched an operation to fight Volt Typhoon by remotely disabling aspects of its operation.

“We are extraordinarily concerned about malicious cyber activity from the PRC state sponsored actor that industry calls Volt Typhoon,” senior CISA official Eric Goldstein, referring to the People’s Republic of China, told Reuters ahead of the statement’s release. “Most of the victims we have identified have no legitimate espionage value.”

News of the joint statement was first reported by CNN.
