U.S. warns China could hack infrastructure, including pipelines, rail
systems
[May 26, 2023]
By Raphael Satter, Zeba Siddiqui and James Pearson
(Reuters) - The U.S. State Department warned on Thursday that China was
capable of launching cyber attacks against critical infrastructure,
including oil and gas pipelines and rail systems, after researchers
discovered a Chinese hacking group had been spying on such networks.
A multi-nation alert issued Wednesday revealed the Chinese
cyber-espionage campaign had been aimed at military and government
targets in the United States.
The Chinese government has rejected assertions that its spies are going
after Western targets, calling the warning issued by the United States
and its allies a "collective disinformation campaign."
U.S. officials said they were still in the process of getting their arms
around the threat.
"We’ve had at least one location that we didn’t know about since the
hunt guide was released come forward with data and information," Rob
Joyce, the U.S. National Security Agency's (NSA) cybersecurity director,
told Reuters. The agency disclosed technical details earlier to help
critical service providers detect the spying.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA)
separately said it was working to understand "the breadth of potential
intrusions and associated impacts."
That would help it "provide assistance where needed, and more
effectively understand the tactics undertaken by this adversary," CISA's
executive assistant director, Eric Goldstein, told Reuters.
Part of the challenge in defending against this espionage work is that
it's more covert than regular spy operations, according to researchers
and officials.
"In these cases the adversary is often using legitimate credentials and
legitimate network administration tools to gain access to execute their
objectives on a target network," Goldstein said. "Many traditional
methods of detection, such as antivirus, will not find these
intrusions."
Microsoft analysts who identified the campaign, which they dubbed Volt
Typhoon, said it "could disrupt critical communications infrastructure
between the United States and Asia region during future crises" - a nod
to escalating U.S.-China tensions over Taiwan and other issues.
Computer code is seen on a screen above
a Chinese flag in this July 12, 2017 illustration photo.
REUTERS/Thomas White/Illustration
"The U.S. intelligence community assesses that China almost
certainly is capable of launching cyberattacks that could disrupt
critical infrastructure services within the United States, including
against oil and gas pipelines and rail systems," State Department
spokesperson Matthew Miller said in a press briefing.
"It's vital for government and network defenders in the public to
stay vigilant."
U.S. agencies have been pushing for improved cybersecurity practices
in the country's majority-privately held critical infrastructure industry,
after the 2021 hack of the key Colonial Pipeline disrupted nearly
half of the U.S. East Coast’s fuel supply.
Intelligence agencies in the United States, Britain and their close
allies issued an alert Wednesday to warn about Volt Typhoon.
Microsoft said the group had targeted critical infrastructure
organizations in the U.S. Pacific territory of Guam, and it was
using the security firm Fortinet's FortiGuard devices to break into
targets' networks.
Researcher Marc Burnard, whose organisation Secureworks has dealt
with several intrusions tied to Volt Typhoon, said Secureworks had
seen no evidence of destructive activity by Volt Typhoon, but that
its hackers were focused on stealing information that would "shed
light on U.S. military activities."
NSA's Joyce said there was no doubt Volt Typhoon was putting itself
in position to carry out disruptive attacks.
"It’s clear that some of the entities on here are of no intelligence
value," he told Reuters of the critical infrastructure sites
identified by the government.
Chinese foreign ministry spokesperson Mao Ning told reporters that
the alerts issued by the United States, Britain, Canada, Australia
and New Zealand were intended to promote their intelligence alliance
- known as the Five Eyes - and it was Washington that was guilty of
hacking.
"The United States is the empire of hacking," Mao said.
(Additional reporting by Christopher Bing and Daphne Psaledakis;
editing by William Maclean, Mark Heinrich, Chizu Nomiyama and Leslie
Adler)
[© 2023 Thomson Reuters. All rights reserved.] This material may not be
published, broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.