FBI Director Christopher Wray this week issued what may be the starkest warning yet about the threat China-backed hackers pose to U.S. national and economic security.
In observations at Vanderbilt UniversityDuring the Modern Conflict and Emerging Threats Summit, Wray described Chinese hackers as outnumbering FBI personnel by at least 50 to 1 and ready to “devastate” U.S. critical infrastructure at a moment’s notice.
IImmediate and imminent threat
Private industry and government stakeholders must view the threat as immediate and implement plans to harden networks and respond to attacks now, the nation’s top law enforcement official said.
“THE [People’s Republic of China] has made it clear that he views every sector that makes our society function as fair game in his bid to dominate on the world stage,” Wray said. “His plan is to land low blows on civilian infrastructure to try to induce panic and break the American will to resist.”
Wray’s comments are based on repeated warnings issued in recent months by US officials – and the FBI itself – of a dangerous and systematic escalation of Chinese attacks against networks and systems belonging to organizations in critical infrastructure sectors. Wray and others have repeatedly described the intrusions as attempts by Chinese hackers to methodically preposition themselves for attacks designed to disrupt telecommunications, energy, water, technology and other critical infrastructure services when needed.
Chinese cyber attackers are “giving the Chinese government the ability to wait for the right moment to deliver a devastating blow,” Wray said. Beijing, he added, is building the capacity to discourage any American attempt to intervene in the event of a crisis between China and Taiwan.
Multifaceted attacks
Continued attempts by Chinese hackers to establish and maintain a presence on critical infrastructure add to the pressure U.S. organizations have faced for more than a decade from Chinese-backed cyber espionage and cybercrime groups. TO support economic initiatives Like Made in China 2025 and several separate five-year plans, Beijing has for years deployed cyber groups to systematically steal intellectual property and trade secrets from companies in key competitive sectors, Wray said.
Targets have included organizations in fields as diverse as biotechnology, aviation, artificial intelligence, agriculture and health care. “The People’s Republic of China is engaged in the largest and most sophisticated theft of intellectual property and expertise in the history of the world,” Wray noted. “You could close your eyes and pull an industry or sector out of a hat and, chances are, Beijing would target it.”
In recent months, the Volt Typhoon group has been one of the most visible faces of what the United States sees as China’s unhindered aggression in cyberspace. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and security vendors have reported the actions of threat actors on multiple occasions intrusions into US critical infrastructure networks AND operational technology environments with the goal of gaining a presence on these networks and waiting for instructions to attack. Last year, the New York Times identified Volt Typhoon hits military bases, prompting concerned Biden administration officials to admit that the threat actor’s malware was more endemic on U.S. networks than previously thought.
Scattershot and indiscriminate attacks.
Wray pointed to widespread attacks in 2021 that exploited zero-day vulnerabilities in Microsoft Exchange Server as one of the “most egregious examples” of China’s “scattered and indiscriminate cyber campaigns” in recent times. These attacks were supported by China Hafnium group distributing web shells for remote access on thousands of enterprise systems. The FBI – in an unprecedented move at the time – subsequently obtained a court order remotely remove those web shells from thousands of infected systems before the threat actor can use them to inflict further damage.
In response to the growing threat, the FBI has mobilized its field offices across the United States and around the world to address it, Wray said. The agency is also working with the US Cyber Command, the CIA and foreign law enforcement agencies to disrupt Chinese hacking operations. The effort included chasing known hackersmalware developers and owners of supporting infrastructure such as bulletproof hosting services and money launderers.
Private sector organizations can do their part by being more diligent about their cyber defense and response mechanisms and by sharing information that can prevent nascent threats from “metastasizing into other industries” and businesses, Wray said. “We saw the best results in situations where a company made a habit of contacting the local FBI office before there was any indication of a problem, because this put everyone on the same page and helped contributed to the preparation of the company.”