What to know about China's cyber threats
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Sarah Grillo/Axios
China has become the top hacking threat in 2024 with a recent series of attacks targeting critical U.S. infrastructure.
Why it matters: It's rare for public officials to share as many details as they have in recent weeks about ongoing cyber threats — underscoring just how concerned the Biden administration is about a Beijing-backed cyberattack.
Driving the news: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI released an advisory Wednesday detailing how the Volt Typhoon hacking group is infiltrating the U.S.
The advisory presented a stark picture of the "persistent" threat, with China having access to some infrastructure for "at least five years."
- Typical malware detection tools can't detect these hackers' movements.
- And in some cases, Volt Typhoon had enough access to tamper with basic essential services, like water and energy controls.
The big picture: This is just the latest example of Chinese hackers targeting not only U.S. infrastructure, but also American businesses in the last year.
- But keeping tabs on everything going on — or even recalling what all has happened — has become a daunting task.
Who is Volt Typhoon, and why does it matter?
Volt Typhoon is a hacking group tied to the Chinese government whose sole mission appears to be maintaining network access to U.S. critical infrastructure.
- Microsoft first detailed the group's existence in May, and U.S. officials are worried the group is laying the foundation to strike key services in the lead-up to a possible Chinese invasion of Taiwan.
- The Washington Post reported in December that the group has targeted a water utility in Hawaii, a major West Coast port, and at least one oil and gas pipeline.
Hasn't China always hacked the U.S.? What's different now?
Historically, Chinese hackers have targeted U.S. businesses and government agencies to steal state secrets and other sensitive information.
- Volt Typhoon is the first group to look toward destructive cyberattacks — and a successful nation-state cyberattack on critical infrastructure could be seen as an act of war.
- This particular hacking group also shows a unique willingness to maintain access to these networks however it can: After the FBI took down a major Volt Typhoon botnet last week, the hackers quickly worked to try to get their access back, according to a report from Lumen Technologies this week.
How is China shaping Biden's cyber policy?
The main issue is that U.S. critical infrastructure — which ranges from major financial institutions to municipal water systems — just isn't ready to fend off basic cyber threats.
- A series of Iran-backed attacks on water systems late last year simply exploited the fact that operators still use basic passwords like "1111."
- The Biden administration is now weighing a series of regulations to mandate that operators prioritize cybersecurity, Anne Neuberger, deputy national security adviser for cyber and emerging technology at the White House, told reporters Thursday.
- The new regulations would add to the voluntary cybersecurity projects the White House has been pushing operators to pursue in recent years.
- "We no longer rely on only a voluntary public-private model," Neuberger added.
What does this mean for the average person?
Not much yet. The U.S. government's advisories and public hearings are intended to be a warning shot at China aimed at preventing a cyberattack that shuts down critical services.
- However, China is showing a new willingness to target internet-connected devices like routers, VPNs and firewalls.
- Be smart: Routinely check your router for software upgrades and apply multifactor authentication to all possible online accounts.
