US and Allies Warn Chinese Cyberattackers Preparing for War

Chinese state-sponsored hackers are putting in place what they need for destructive cyberattacks on communications, energy, transport and water systems in the United States in case of a crisis or conflict, U.S. security agencies warned on Wednesday, saying some devices had been compromised for up to five years.

As Newsweek reported this week, Western security agencies are increasingly concerned that Chinese cyber actors are infecting critical online infrastructure in order to disrupt or disable them at short notice, in "pre-positioning" that could be vital to winning any future cyberwar.

The concerns come at a time of growing tension between the U.S. and China, which has invested widely in its military and cyber capabilities as it seeks to challenge the U.S. and achieve its goal of global pre-eminence by 2049.

The FBI recently announced a major counter-hacking operation in which U.S. agents identified a malicious botnet that had infiltrated vulnerable small office/home office internet routers in one example of pre-positioning. They successfully cut off communication between the malware and its controllers.

This week's warning on potential cyberattacks came from the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI. Their statement was part of a joint advisory released by U.S. allies Australia, Canada, Britain and New Zealand—members of the "Five Eyes" intelligence alliance.

It said the entity behind the attacks was a state-backed hacking group in China called Volt Typhoon—also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus.

Wang Wenbin, a spokesperson for the Chinese Foreign Ministry, accused the Five Eyes alliance of "smearing and attacking China without any evidence."

"The Five Eyes alliance needs to know that falsely accusing China will not hide the fact that the Five Eyes alliance is the largest global intelligence agency and the U.S. is the No. 1 hacking state in the world," Wang said.

"We keep a firm stance against all forms of cyberattacks and resort to lawful methods in tackling them," he said. "Let's stay tuned and see what else is in the alliance's play script of spreading disinformation on 'Chinese cyberattacks.'"

The warning from the U.S. and allies said Volt Typhoon had compromised the IT environments of critical infrastructure organizations, including in communications, transportation, and water and power within the continental U.S. as well as on Guam.

"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks," the agencies said.

The group's tactics, including knowledge of operational security, allowed for "long-term undiscovered persistence," their statement said. "In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years."

"The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts," said the advisory.

Western intelligence and cybersecurity sources who spoke to Newsweek said the hacking activity can directly target vulnerable online nodes or infiltrate the personal systems of those working in or adjacent to U.S. defense networks. Pre-positioning allows a sophisticated adversary like China to sabotage military installations to disrupt or delay responses in wartime, they said.

"It could have a very significant impact on what we need to do to provide a series of different options that our commander in the Indo-Pacific region would want to respond with," Gen. Paul Nakasone, who retired this month as head of U.S. Cyber Command and director of the National Security Agency, told the House China committee on January 31.

"Communications; an ability to be able to leverage our most lethal weapons systems. These are all areas that we would rely on," Nakasone said.

A Pentagon spokesperson told Newsweek this week that the U.S. was strengthening cooperation with allies in cyberspace, "and we regularly exchange information to bolster our collective preparedness to deal with cyber threats and expand avenues of cyber cooperation."

"Sharing our concerns with allies and working with them to shore up their cybersecurity remains a priority for the Department," the spokesperson said.