Situation Report: Chinese malware targeting military and civilian critical infrastructures
The New York Times has reported the discovery of Chinese malware embedded deep inside networks controlling “power grids, communications systems and water supplies that feed military bases in the United States and around the world.” This code could not only impact the infrastructure supporting the U.S. military; officials believe the malware also has the ability to adversely affect the civilian sector.
According to one congressional official, the computer code was in essence “a ticking time bomb” that could give the Chinese the ability to shut off critical infrastructures supporting military bases around the country, in areas such as electricity, water, and communications.
These new revelations come just months after Microsoft detected similar mysterious code in “telecommunications systems in Guam and elsewhere in the United States.” However, over a dozen officials said this particular Chinese effort, which goes “far beyond telecommunications systems,” has been going on for much longer. The U.S. government’s attempts to stop this type of malware have also been underway for quite some time, and it has become clear that the Chinese effort “appears more widespread — in the United States and at American facilities abroad — than they had initially realized.”
The Chinese organization that cyber experts believe is behind this wave of malware intrusions is known as “Volt Typhoon” and has also been labeled “BRONZE SILHOUETTE” in the cybersecurity world. According to the cybersecurity firm PICUS, Volt Typhoon “is a People’s Republic of China (PRC) state-sponsored APT group that focuses on stealthy and targeted cyber espionage campaigns against critical infrastructure organizations.”
Volt Typhoon was able to insert its code into computer systems so that it “blended in” with normal computer activity. What separates this malware from earlier Chinese campaigns is the intent of the code. Experts say “disruption, not surveillance, appears to be the objective” of these latest cyber penetrations.
Compared to the recent hacking of senior State Department officials, which was declared to be “traditional espionage,” the new malware discovered near U.S. military bases appears to have more offensive capabilities and could potentially shut down power distribution at the press of a button.
The Chinese have become much more advanced in their methods of gaining access to these systems. George Barnes, the deputy director of the National Security Agency, explained earlier this month that China has figured out how to “steal or mimic” credentials of these computer networks’ system administrators. Once those credentials are acquired, they have free rein to go wherever they want inside the network and implant their malicious code.
This report of a more advanced Chinese cyber threat should concern the American people because, in the United States, there is still no federal requirement for the electric utility industry to detect, mitigate, or remove malware that is found in our electric grid.