The growth and development of new technologies have streamlined operational efficiency across most major international industries over the past decade alone. This, coupled with the increased integration of web-based practices by the very businesses encompassing these sectors, as well as adoption at the consumer level, has culminated in an unprecedented level of cross-border interconnectivity that has largely underwritten the growth of the global economy on a number of fronts. However, along with these positive developments have come increased risks of crime and exploitation of cyberspace for personal gain by bad actors. Recent history has also demonstrated that under many circumstances these malicious actors are not acting alone. In several cases, those behind some of the major hacking and ransomware exploits that have made headlines over the past several years have been proven to have direct backing from government entities seeking to push their own national interests at the expense of both individual citizens and the infrastructure developed by their counterparts.
The People’s Republic of China (PRC) has become arguably the United States’ greatest foe in the cyber realm, with the commander of United States Cyber Command, Army General Paul M. Nakasone, regarding the cyber challenge posed by China as unlike any challenge ever faced by the U.S. and its allies.[2] China has long been alleged by the U.S. to have promoted various state-organized economic espionage activities as well as the theft of intellectual property in violation of current international trade agreements. Earlier this year, Global RADAR reported on Chinese hackers utilizing malware to target critical U.S. infrastructure (i.e. the various assets, systems, and networks that provide functions necessary for our way of life), including the systems that provide water, energy and even food to U.S. citizens. These critical systems have become a major target for opponents of the U.S. given the blatant cyber-security vulnerabilities that have been exposed within the past year alone. Hackers operating on behalf of sanctioned entities in Iran, as well as both Russian and Chinese operatives, have been able to breach critical infrastructure systems with targeted attacks, causing significant damage and culminating in the American government shifting its focus onto new means of combating threats posed by both independent and state-sponsored actors.
The Wall Street Journal recently reported that the PRC is once again threatening the national security initiatives of the United States with a new series of targeted cyber-attacks led by the APT group Salt Typhoon. Under this ploy, hackers with direct links to the Chinese government have initiated a new wave of hacking exploits in which they have earmarked several major broadband internet service providers located within the U.S. in order to infiltrate American cyber-networks in pursuit of sensitive information. The WSJ writes that in this form of activity, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack.[1] After discovery, U.S. officials have called out the activity and claim to be taking steps to counter these latest nefarious Chinese efforts.
According to government officials, the U.S. and its allies have had the security of their internet service providers compromised by what they are calling a “botnet”. Botnets are essentially large networks of internet-connected devices that have been infected with malware. Just as an infected person can quickly spread a virus when placed in a crowd of healthy individuals, these infected devices can spread their malware to other devices found within their networks. The National Cyber Security Centre (NCSC) says that a Chinese company, with links to the Chinese government, maintains a botnet of over 260,000 devices around the world. More than half of these are believed to be located in the U.S. A common tactic with these botnets is to simply overwhelm a website or network with traffic in what’s known as a distributed denial of service (DDoS) attack. The goal is to overload the system and cause it to go offline. Bots can also be used to gather intelligence through devices such as hacked CCTV cameras, routers, and webcams.
Paul Chichester, NCSC Director of Operations, said: “Botnet operations represent a significant threat…by exploiting vulnerabilities in everyday internet-connected devices with the potential to carry out large-scale cyber-attacks. Whilst the majority of botnets are used to conduct coordinated DDoS attacks, we know that some also have the ability to steal sensitive information.”[3]
Reports have indicated that investigators are exploring whether the intruders ultimately gained access to Cisco Systems routers, the core network components that route much of the traffic on the internet,[1] with Microsoft and Cisco now performing additional internal investigations to see if they have fallen victim to this illicit cyber activity. Following these reports, however, a Cisco spokeswoman stated that “At this time, there is no indication that Cisco routers are involved” in the Salt Typhoon activity.[1]
FBI Director Christopher Wray further emphasized the severity of the Chinese threat in his recent comments at a security conference in Germany. “The cyber threat posed by the Chinese government is massive,” said Wray. “China’s hacking program is larger than that of every other major nation, combined.” Just last week, Wray revealed that his agency and international law enforcement disrupted a 260,000-device botnet controlled by a different Beijing-linked hacking squad called Flax Typhoon, which had been building its botnet since 2021 and had also been using it to target critical infrastructure over this period.
Of course, as we have reported many times, Chinese officials responded to the allegations in their usual manner: downplaying their involvement and blaming the U.S. for overreaching. In fact, Chinese officials asked about these allegations went as far as to claim that American spies somehow pieced together an elaborate false-evidence scheme against them. For what purpose? It is not yet known. All told, the hacking risks posed by adversaries of the U.S. and its allies continue to threaten not only national security but also the well-being of global citizens who are caught in the crosshairs of this new age of cyber-warfare. The American government will have to continue to promote the allocation of manpower and utilize potent counter-intelligence systems to further thwart these growing risks.
Citations
1. Krouse, Sarah, et al. “China-Linked Hackers Breach U.S. Internet Providers In …” The Wall Street Journal, 26 Sept. 2024.
2. Lopez, Todd. “U.S. Can Respond Decisively to Cyber Threat Posed by China.” U.S. Department of Defense, 1 Feb. 2024.
3. “UK and Allies Issue Cyber Attack Warning over China-Backed ‘Botnet’ of 260,000 Compromised Devices.” Sky News, 18 Sept. 2024.