Monday, November 18, 2024

FBI announces closure of China’s Volt Typhoon infrastructure hack



FBI Director Christopher A. Wray said Wednesday that the bureau thwarted a massive Chinese government-backed effort to hack U.S. water, communications, transportation and energy facilities. The effort was meant to disrupt essential services and add to the chaos in the event of a dispute.

During a House committee hearing, Wray testified that the FBI used a court-authorized operation to take control of hundreds of routers that a Chinese group known as Volt Typhoon was using as a springboard to penetrate sensitive infrastructure.

Wray also warned that China’s hacking force far outnumbers that of the United States and urged lawmakers to support investments in U.S. cyber defense. “Even if we brought together all of the FBI’s cyber agents and intelligence analysts and focused solely on the Chinese threat, Chinese hackers would still outnumber FBI cyber employees by at least 50 to 1,” he said.

Hacking activity attributed to Volt Typhoon was first publicly reported in May, when Microsoft announced that it had discovered traces embedded in critical infrastructure in Guam, the closest U.S. territory to Taiwan and home to an important U.S. military presence.

The Washington Post reported in December that victims of the Volt Typhoon malware attack included a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline. None of these intrusions affected critical functions of the targeted infrastructure, but they alarmed officials close to or claiming to serve U.S. military operations.

A future destructive order could cripple America’s ability to resupply bases in the Pacific, officials told the Post.

“This is probably just the tip of the iceberg,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Agency, testifying before the House Select Committee on the Chinese Communist Party.

The routers recovered by the FBI were older machines, typically found in small offices, that had not been maintained with security patches from their manufacturers or software providers. Once a vulnerability was discovered, they became easy prey for hackers who scan the internet for connected devices.


Volt Typhoon used these routers to hide the international origins of its traffic, used malicious code to get inside utilities and other targets, and often stole employee login credentials to maintain future access. The hackers also installed so-called “backdoors” that can be used to access the system.

Justice Department officials said the FBI sent commands to compromised Cisco and Netgear routers to remove the malware that was used to control the routers and to prevent reinfection. Four warrants were filed as new outbreaks were discovered.

Those actions themselves are not invalidated. Lumen Technologies’ Danny Adamitis, who discovered some of the infections last year, said the only way to prevent further infiltration was through backdoor channels. But he said routers were “highways” used by hackers to move quickly across the Internet.

“I believe that actors can still work, but I think they may not be able to move at the same speed as before,” Adamitis said.

Wray’s comments were the first public acknowledgment of a broader operation to crack down on intrusions, but hackers are using sophisticated techniques and leveraging legitimate programs to move through a target’s environment. There were so many of them that it was difficult to target them.

Easterly said U.S. authorities had observed “very worrying developments”: examples of Chinese hacking targeting critical infrastructure in the United States in recent years.

“A major crisis on the other side of the world could endanger the lives of Americans right here at home through disrupted pipelines, disrupted telecommunications, contaminated water facilities, and paralyzed transportation. It causes panic and chaos in society and impedes the ability to integrate military and civilian will,” she testified.


Until now, China’s Ministry of Foreign Affairs had denied any link between Beijing and Volt Typhoon. Liu Pengyu, a spokesperson for the Chinese embassy in Washington, did not repeat that denial Wednesday, but said U.S. criticism of other countries’ cyber policies was “irresponsible.”

“The Chinese government has firmly opposed hacking attacks and the misuse of information technology,” he said. “The United States has the most powerful cyber technology of any country, but it uses such technology for hacking and eavesdropping more than any other country.”

The hearing was held at a time when efforts were being made to alleviate friction in the relationship. Since the meeting between President Biden and Chinese President Xi Jinping in San Francisco in November, the U.S. and China have opened new channels of communication between military officials, as well as new dialogue on counter-drugs, climate and the economy.

Last week, U.S. National Security Adviser Jake Sullivan met with Chinese Foreign Minister Wang Yi in Thailand and promised to continue talks on important issues, including talks on regulating artificial intelligence scheduled for spring.

Despite the diplomatic progress, relations remain tense as the United States heads toward a general election and candidates refine their positions on China policy. Asked about a CNN report that said the Chinese government had promised not to interfere in the election, Wray expressed his skepticism.

“China has promised so much over the years that I think you’ll believe it when you see it,” he said.

The hearing is the latest in a series held by the House committee, which was established early last year to investigate what it says is a serious threat to the United States, China’s military, economic, and technological rise, and has developed a strong bipartisan position.

The committee’s chairman, Mike Gallagher (R-Wis.), said Wednesday that the threat posed by recent Chinese hacking efforts is “unacceptable.”

“This is the same cyberspace that plants bombs on America’s bridges, water treatment plants, and power plants. There is no economic benefit to these actions. There is no pure rationale for intelligence gathering. The only purpose is to prepare to destroy America’s infrastructure,” he said.

Cadell reported from Washington and Meng from San Francisco. Devlin Barrett and Eva Dou contributed to this report.


