Recently, there has been a surge in alerts and warnings concerning cyberattacks by People’s Republic of China (PRC) state-sponsored threat actors on U.S. critical infrastructure. On February 7, 2024, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency and their counterparts in Australia, Canada, and the United Kingdom, issued an advisory warning to governmental organizations regarding Chinese cyber actors poised to disrupt critical infrastructure, such as water treatment plants, electric grids, oil and natural gas pipelines, and transportation systems. This comes on the heels of FBI Director Christopher Wray, CISA Director Jen Easterly, and U.S. Cyber Command Army General Paul Nakasone testifying to Congress regarding increased cyberattacks by PRC-sponsored hackers on U.S. critical infrastructure.
On January 31, 2024, in his remarks to Congress, Director Wray urged increased public focus on how Chinese hackers have been targeting not only U.S. military and political targets but also civilian infrastructure in preparation for a future conflict. Director Wray also emphasized that China has “a bigger hacking program than every other major nation combined,” which greatly outnumbers the FBI’s cyber personnel.
Director Wray further announced a successful, court-authorized operation to remove malicious code found in hundreds of U.S.-based small office/home office routers taken over by Volt Typhoon, a threat actor sponsored by the PRC. Volt Typhoon’s malware allowed China to exploit networks and perform operational reconnaissance to disrupt the functionality of U.S. critical infrastructure. However, according to CISA Director Easterly, recently discovered Chinese intrusions into U.S. critical infrastructure are just the “tip of the iceberg.”
Director Easterly provided more insight into how Chinese hackers have been targeting U.S. critical infrastructure. In her opening statement, Director Easterly mentioned how Chinese hackers easily infiltrate infrastructure by exploiting known product defects, which are the result of companies prioritizing product features and speed to market over security.
Companies are encouraged to adopt safety measures, including immediately reporting a cyberattack incident to the FBI or CISA, enrolling in CISA’s free services to identify and repair vulnerabilities, and implementing CISA’s Cybersecurity Performance Goals and advisories (such as the Incident Response Guide for Water and Wastewater Sector), to strengthen their defenses against such cyberattacks.