The U.S. National Security Agency (NSA) issued a warning that the People’s Republic of China (PRC) has state-sponsored hackers targeting U.S. critical infrastructure with tools already built into the nation’s computer networks.
This Chinese espionage effort does not use malware. Instead, it relies on “living off the land” tactics, which allow a hacker to evade detection by using built-in network administration tools to blend in with normal Windows system and network activities. This method of intrusion also avoids detection products that notify administrators that a system has been compromised.
“Cyber actors find it easier and more effective to use capabilities already built into critical infrastructure environments. A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind,” Rob Joyce, NSA Cybersecurity Director, said in a May 24 joint statement with other U.S. security officials. “That makes it imperative for us to work together to find and remove the actor from our critical networks.”
China’s cyber actor, known as Volt Typhoon, focuses on espionage and information gathering and is developing capabilities that could disrupt critical communications infrastructure for the U.S. during a future crisis, according to a statement issued by Microsoft, which develops the Windows operating system.
The latest warning about potential disruptions to U.S. communications networks at the hands of a Chinese spy comes only days after U.S. senators were issued satellite phones to “ensure a redundant and secure means of communication during a disruptive event.”
Volt Typhoon has been active since mid-2021 and has already targeted critical infrastructure within the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors, Microsoft explained.
“For years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe,” Jen Easterly, U.S. Cybersecurity and Infrastructure Security Agency Director, said in the joint statement. “Today’s advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure.”
News of Volt Typhoon adds to public awareness of a broader and persistent espionage effort by China.
Last month, the NSA warned U.S. tech companies to beware of Chinese attempts to steal their artificial intelligence technology.
In July 2022, the FBI and the U.K.’s domestic security agency MI5 issued a first-ever joint statement to address the growing threat posed by the Chinese Communist Party.
The NSA also urged companies to beef up their security in 2020, stating that China was exploiting dozens of unpatched network vulnerabilities.