The Daily Telegraph

China hacks home Wifi prior to cyber attacks

State-sponsored group preparing to disrupt US electricity grid and water supplies, says Washington

By Tony Diver, US Editor

Chinese state-sponsored hackers have infiltrated outdated home and office wifi routers in the US ahead of attacks on electrical grids and water supplies.

A US government investigation found that hundreds of old routers had been infected with malware by a Beijing-backed hacking group known as “Volt Typhoon”. The FBI yesterday said it had deleted the malware that was distributed on the routers of unknowing Americans to gain a foothold in the country’s critical national infrastructure.

The UK’s National Cyber Security Centre has previously warned that hackers backed by the Chinese state were attempting to infiltrate Britain’s key infrastructure and hiding in computers to “evade detection”.

The Five Eyes intelligence network of the UK, US, Canada, New Zealand and Australia issued a joint statement last May asking infrastructure providers to be vigilant to Chinese threats. The warning came after Volt Typhoon hacked into a US military outpost in the Pacific Ocean.

Yesterday the FBI said Volt Typhoon had used its malware to disguise the fact that the hack had been conducted by the Chinese government, adding that the “vast majority” of routers affected were out-of-date Cisco and Netgear machines that had not received recent security updates. Unlike previous attacks, the hack was directed at internet routers in small and home offices, rather than at government agencies or infrastructure providers.

Christopher Wray, the FBI’s director, warned Congress on Wednesday that the Chinese government increasingly targets civilians. “They’re not focused just on political and military targets. We can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of conflict,” he told the House of Representatives’ select committee on competition with China. “Low blows against civilians are part of China’s plan. I do want the American people to know that we cannot afford to sleep on this danger.”

Mike Gallagher, the committee’s chairman, said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants”.

“There is no economic benefit for these actions. There is no intelligence gathering rationale,” he said. “The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”

Analysis by Lumen, a cyber security firm, has found that the hostile Chinese “botnet” has been active on routers in the US for almost two years, and would not be detectable by a user because it does not prevent them from working.

The malware works by infecting a router and attempting to connect with other machines to spread across a network.

The ultimate goal of the hackers is to gain access to infrastructure networks to disrupt daily life for American citizens, officials said.

Government cyber security experts have already discovered Chinese software in aviation, water, energy and transportation infrastructure, and yesterday warned that the public should prepare for an unexpected attack.

The FBI told manufacturers to ensure that security updates are installed automatically on their routers, and require a manual override for the removal of security settings.

Merrick Garland, the US attorney general, said: “The justice department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilising a botnet.”
