US Mounts Operation Against Chinese Hacking Network

US government reportedly launched operation late last year against Chinese hacking network, including remotely disabling elements of botnet

The US government launched an operation late last year to fight a Chinese state-sponsored hacking network aimed at disrupting US military communications, Reuters reported.

The operation targets a botnet set up by a group known as Volt Typhoon, which first came to light in May 2023, but which expanded its scope in late 2023 and changed some of its techniques, according to the news wire’s Tuesday report.

It said the Justice Department and the Federal Bureau of Investigation (FBI) sought and received legal authorisation to remotely disable aspects of Volt Typhoon’s botnet.

The botnet operates by taking over internet-connected devices such as security cameras or routers.

From left to right: Australian Security Intelligence Organisation Director-General Mike Burgess, Canadian Security Intelligence Service Director David Vigneault, FBI Director Christopher Wray, New Zealand Security Intelligence Service Director-General of Security and Chief Executive Andrew Hampton, and MI5 Director General Ken McCallum at the Emerging Technology and Securing Innovation Summit in Palo Alto, California, on 16 October, 2023. Image credit: FBI

Hacking botnet

Those devices can then be used as a base to launch further attacks, making the malicious traffic appear to be coming from a local source.

The wide spread of Volt Typhoon’s botnet reportedly led to a series of meetings between the White House and private technology companies, including telecoms and cloud firms, who were asked by the US government for assistance in tracking the group’s malicious activity.

The hacking group is believed to be targeting US critical infrastructure including naval ports, internet service providers and utilities.

The botnet has taken over thousands of devices, Reuters said, citing unnamed Western security officials and other sources.

Critical communications

“The Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP and then using that destination to route their intrusions into the real target,” an unnamed former official told Reuters.

“To the IT team at the downstream target it just looks like a normal, native user that’s sitting nearby.”

In a security advisory last May, Microsoft Threat Intelligence said it believed the Volt Typhoon campaign was intended to disrupt critical communications infrastructure between the US and Asia during future crises, such as a conflict with China over Taiwan.

Microsoft said at the time that the group began operations in mid-2021 and has targeted Guam and other locations in the US.

US-China tensions

It said targets ranged across the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Last May Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes intelligence network comprising the United States, Canada, New Zealand, Australia and the UK.

The US and China have been locked in an escalating conflict for years over China’s efforts to develop an autonomous technology industry, particularly in the areas of high-end semiconductor production and artificial intelligence.