The US government has launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of Internet-connected devices, two Western security officials and one person familiar with the matter said.
The US Department of Justice and the FBI sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources said.
The administration of US President Joe Biden has increasingly focused on hacking, not only for fear nation states might try to disrupt the US election in November, but because ransomware wreaked havoc at US corporations last year.
The hacking group at the center of the activity, Volt Typhoon, has especially alarmed intelligence officials, who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, Internet service providers and utilities.
While the Volt Typhoon campaign initially came to light in May last year, the hackers expanded the scope of their operations late last year and changed some of their techniques, three people familiar with the matter said.
The widespread nature of the hacks led to a series of meetings between the White House and the technology industry, including several telecoms and cloud computing companies, where the US government asked for assistance in tracking the activity.
Such breaches could enable China to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations, national security experts said.
Sources said US officials are concerned that the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.
The justice department and the FBI declined to comment. The Chinese embassy in Washington did not immediately respond to a request for comment.
When Western nations first warned about Volt Typhoon in May last year, Chinese Ministry of Foreign Affairs spokeswoman Mao Ning (毛寧) said the hacking allegations were a “collective disinformation campaign” from the Five Eyes nations, a reference to the intelligence sharing grouping made up of the US, Canada, New Zealand, Australia and the UK.
Volt Typhoon has functioned by taking control of swaths of vulnerable digital devices around the world — such as routers, modems and even Internet-connected security cameras — to hide later, downstream attacks into more sensitive targets, security researchers said.
This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because it limits the visibility of cyberdefenders who monitor for foreign footprints in their computer networks.
“How it works is the Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP [Internet service provider] and then using that destination to route their intrusions into the real target,” a former official familiar with the matter said.
“To the IT team at the downstream target it just looks like a normal, native user that’s sitting nearby,” the official said.