The US government took action against a large-scale Chinese hacking campaign that targeted internet-connected devices. This hacking group, known as Volt Typhoon, aimed to compromise critical infrastructure including utilities and internet service providers.
The US Justice Department and FBI worked together to disrupt aspects of the hacking campaign. The action stemmed from growing concern about Chinese hacking efforts, including potential interference with the upcoming elections and ransomware attacks on American businesses.
Security experts believe Volt Typhoon’s activities could allow China to disrupt important facilities in the Pacific region, potentially impacting US military operations. The US is particularly concerned about the possibility of hindered readiness in case of conflict with China over Taiwan.
Volt Typhoon operates by hijacking everyday devices such as routers and cameras and relaying its attacks on more sensitive targets through them. This creates a network of compromised devices, known as a botnet, that makes the hackers’ true origin hard to trace. Security officials are particularly concerned about these botnets because they let attackers appear to be legitimate, local users on the target network.
Botnets are a common tool for both government and criminal hackers, letting them target a large number of victims or mask where their traffic really comes from.
Christopher Bing and Karen Freifeld for Reuters:
Volt Typhoon has functioned by taking control of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets, security researchers told Reuters.
This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because it limits the visibility of cyber defenders that monitor for foreign footprints in their computer networks.
“How it works is the Chinese are taking control of a camera or modem that is positioned geographically right next to a port or ISP (internet service provider) and then using that destination to route their intrusions into the real target,” said a former official familiar with the matter. “To the IT team at the downstream target it just looks like a normal, native user that’s sitting nearby.”
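The detection point behind that quote and the summary above is that a relay sitting in the same city as the target defeats a geolocation-only anomaly check: the login really is "nearby". The following is an added example, not code from the article or from Reuters, showing the naive geo check passing such a login while a check on the source prefix's network type (corporate egress versus residential ISP) flags it. All IP ranges, users, cities and the prefix table are constructed from RFC 5737 documentation space; a real deployment would load the prefix classification from a BGP/ASN feed and the organization's own egress list.

```python
"""Added example (not from the article): geo-only vs. relay-aware login checks.

Constructed data throughout. The prefix table stands in for an ASN/ownership
feed; the events stand in for a handful of authentication log records.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical prefix table built from RFC 5737 documentation ranges.
# "corporate" = the organization's own VPN/egress ranges, where its users
# are expected to come from; "residential" = consumer ISP space where
# hijacked SOHO routers, modems and cameras typically live.
PREFIX_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "corporate"),
    (ipaddress.ip_network("198.51.100.0/24"), "residential"),
    (ipaddress.ip_network("192.0.2.0/24"), "residential"),
]


@dataclass(frozen=True)
class AuthEvent:
    user: str
    src_ip: str
    geo_city: str   # city a GeoIP lookup returned for src_ip (constructed)
    home_city: str  # city where this user normally works (constructed)


def classify_prefix(ip: str) -> str:
    """Return the network type of the prefix containing ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for net, kind in PREFIX_TABLE:
        if addr in net:
            return kind
    return "unknown"


def geo_only_verdict(ev: AuthEvent) -> str:
    """The naive check: a login from the user's usual city looks fine."""
    return "ok" if ev.geo_city == ev.home_city else "geo-anomaly"


def relay_aware_verdict(ev: AuthEvent, expected_kind: str = "corporate") -> str:
    """Also ask whether the source prefix is one this account should egress from.

    A login that is geographically plausible but arrives from residential ISP
    space is exactly the pattern of traffic relayed through a hijacked device
    positioned near the target, so it is surfaced separately for review.
    """
    kind = classify_prefix(ev.src_ip)
    if kind == expected_kind:
        return "ok"
    if ev.geo_city != ev.home_city:
        return "geo-anomaly"
    if kind == "residential":
        return "possible-relay"
    return "unexpected-egress"


def evaluate(events: List[AuthEvent], expected_kind: str = "corporate") -> List[Tuple[str, str, str, str]]:
    """Run both checks over a batch and return (user, ip, geo verdict, relay-aware verdict)."""
    return [
        (ev.user, ev.src_ip, geo_only_verdict(ev), relay_aware_verdict(ev, expected_kind))
        for ev in events
    ]


# Constructed sample log records.
SAMPLE_EVENTS = [
    AuthEvent("alice", "203.0.113.7", "Baltimore", "Baltimore"),   # normal: corporate egress, usual city
    AuthEvent("bob", "198.51.100.23", "Baltimore", "Baltimore"),   # relayed through a nearby residential modem
    AuthEvent("carol", "192.0.2.44", "Shanghai", "Baltimore"),     # direct from abroad: geo check catches it
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_EVENTS):
        print(*row)
```

The caveat a practitioner should keep in mind: this only helps when the relay sits outside the ranges the account is expected to use. A hijacked device inside a partner's or the organization's own address space would still pass, which is why the prefix check is a triage signal to combine with device posture and behavioral baselines, not a standalone verdict.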