US is still chasing down pieces of Chinese hacking operation, NSA official says

Siva Ramakrishnan

FORT MEADE, MARYLAND — The U.S. government has yet to learn the full extent of a massive Chinese espionage campaign that targeted American critical infrastructure, according to a senior National Security Agency official.

Federal agencies are “not done with efforts to uncover or eradicate” the threats created by the Chinese hacking group known as Volt Typhoon, said Rob Joyce, the outgoing director of the NSA’s Cybersecurity Directorate, during a roundtable with reporters on Friday.

Investigators are “still finding victims and making sure to clear out intrusions” tied to the sweeping operation, which Western nations first disclosed nearly a year ago, he said.

Joyce also acknowledged for the first time that the government used artificial intelligence to discover some of the breaches made during the campaign, noting that Volt Typhoon activity was difficult to initially identify because the group steals or generates “legitimate credentials” and doesn’t bring additional malware into a system.

Conversely, Joyce said he has seen “no examples of them using AI to date.” Instead, the prolific, state-sponsored outfit relies on bulk vulnerability scans to sniff out and exploit known weaknesses.

Joyce declined to comment on just how much of the operation the federal government has unearthed to date.

The new insights come a few weeks after some of the country’s top cybersecurity leaders issued stark warnings about the ability of Volt Typhoon and other Chinese hackers to compromise U.S. networks should a conflict with Beijing arise.

“Unfortunately, the technology underpinning our critical infrastructure is inherently insecure because of decades of software developers not being held liable for defective technology,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), told the House Select Committee on China.

“That has led to incentives where features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion,” she said during the January 31 hearing.

That same day, the Justice Department announced it had disrupted an effort by Volt Typhoon to infiltrate hundreds of insecure U.S. home routers and gain access to critical infrastructure.

The U.S. and its allies revealed the group’s actions last May when analysts at Microsoft found it had targeted systems ranging from U.S. telecommunication networks and transportation hubs to the military installation on the island territory of Guam.

Since then, the Biden administration has published over six digital security advisories warning of Volt Typhoon’s tactics and techniques.

“From the beginning, it’s been a broad campaign,” said Joyce, who noted targets included airlines as well as energy and pipeline organizations.

“The intent really goes back to inspiring societal panic,” he said.

That would, in turn, force the U.S. to “turn inward” and prevent the nation from being able to mobilize and support a conflict in the South Pacific, he told reporters, adding the view of the activity changed as we “expanded our knowledge about it.”

That said, officials believe it would be a “pretty high bar” for Beijing to activate the group’s pre-positioning in Western networks, according to Joyce.

He told reporters he hoped Chinese officials would be “thoughtful” following the national anger at the discovery of Beijing’s high-altitude balloon campaign last year.

China’s military “sorely underestimated” the country’s response to that event, an anger that would only grow if state-backed hackers struck water and transportation systems, he predicted.

Joyce, who was the NSA’s initial pick to be its latest No. 2, instead will retire at the end of the month. 

He will be replaced by Dave Luber, who has held various posts at U.S. Cyber Command and has served as the Cybersecurity Directorate’s deputy chief for almost the last four years.

Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.

 
