Online hackers affiliated with China’s People’s Liberation Army have infiltrated critical services in the United States, according to a report by The Washington Post.

Hackers reportedly targeted key services, such as power grids and ports.

“A utility in Hawaii, a West Coast port and a pipeline are among the victims in the past year, officials say,” the outlet wrote.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of conflict,” Brandon Wales, Executive Director of DHS Cyber Security Agency, said.

“Rumble now reporting service disruptions,” Chuck Callesto reports.

According to Downdetector, Rumble experienced a spike in disruptions Monday morning.

“U.S. officials and cybersecurity experts warn that the Chinese military is increasingly attempting to infiltrate essential infrastructure, utilities, communication, and transportation services in the United States,” American Military News reports.

More from American Military News:

Morgan Adamski, director of the National Security Agency’s Cybersecurity Collaboration Center, told The Washington Post that China’s Volt Typhoon hacking operation “appears to be focused on targets within the Indo-Pacific region, to include Hawaii.”

Joe McReynolds, a China security studies fellow at the Jamestown Foundation, explained that hackers are trying to secretly “build tunnels” into infrastructure that can eventually be used in a cyber attack.

“Until then, you lie in wait, carry out reconnaissance, figure out if you can move into industrial control systems or more critical companies or targets upstream,” McReynolds said. “And one day, if you get the order from on high, you switch from reconnaissance to attack.”

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued an advisory in May, writing that Volt Typhoon is a “People’s Republic of China (PRC) state-sponsored cyber actor.”

Per CISA:

Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

This advisory from the United States National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK) (hereafter referred to as the “authoring agencies”) provides an overview of hunting guidance and associated best practices to detect this activity.

One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives. This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations. Some of the built-in tools this actor uses are: wmic, ntdsutil, netsh, and PowerShell. The advisory provides examples of the actor’s commands along with detection signatures to aid network defenders in hunting for this activity. Many of the behavioral indicators included can also be legitimate system administration commands that appear in benign activity. Care should be taken not to assume that findings are malicious without further investigation or other indications of compromise.
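
One way to act on the caveat in the excerpt above, as an added example (not code from the advisory or from this article): rather than alerting on every run of the named built-in tools, compare recent process-creation records against a baseline and surface only runs in a new user, host or parent context. The CSV layout, hosts and account names are constructed for illustration.

```python
import csv
import io
import ntpath

# Built-in tools named in the advisory excerpt above.
LOTL_TOOLS = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe"}

# Constructed process-creation records (host,user,image,parent); all values are made up.
BASELINE_CSV = r"""host,user,image,parent
DC01,adm-backup,C:\Windows\System32\ntdsutil.exe,C:\Windows\System32\cmd.exe
WS17,helpdesk1,C:\Windows\System32\netsh.exe,C:\Windows\System32\cmd.exe
WS17,helpdesk1,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,C:\Windows\explorer.exe
"""
RECENT_CSV = r"""host,user,image,parent
DC01,adm-backup,C:\Windows\System32\ntdsutil.exe,C:\Windows\System32\cmd.exe
DC01,svc-web,C:\Windows\System32\ntdsutil.exe,C:\Windows\System32\cmd.exe
WS17,helpdesk1,C:\Windows\System32\wbem\WMIC.exe,C:\Windows\System32\cmd.exe
WS17,helpdesk1,C:\Windows\System32\netsh.exe,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
WS17,helpdesk1,C:\Windows\System32\notepad.exe,C:\Windows\explorer.exe
"""


def load(text):
    """Parse CSV text into lower-cased (host, user, tool, parent) tuples."""
    return [(r["host"].lower(), r["user"].lower(),
             ntpath.basename(r["image"]).lower(),
             ntpath.basename(r["parent"]).lower())
            for r in csv.DictReader(io.StringIO(text))]


def hunt(baseline_text, recent_text):
    """Return review leads: named-tool runs whose context is absent from the baseline."""
    base = set(load(baseline_text))
    user_tool = {(u, t) for _, u, t, _ in base}
    host_tool = {(h, t) for h, _, t, _ in base}
    leads = []
    for host, user, tool, parent in load(recent_text):
        if tool not in LOTL_TOOLS or (host, user, tool, parent) in base:
            continue  # not a named tool, or routine activity already in the baseline
        reasons = []
        if (user, tool) not in user_tool:
            reasons.append("user has not run this tool before")
        if (host, tool) not in host_tool:
            reasons.append("tool not seen on this host before")
        leads.append({"host": host, "user": user, "tool": tool,
                      "reasons": reasons or ["new parent process"]})
    return leads
```

Calling `hunt(BASELINE_CSV, RECENT_CSV)` returns three leads for an analyst to investigate, not verdicts; the routine `ntdsutil` run by the backup account is suppressed because it matches the baseline.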

It’s critical to note the World Economic Forum has predicted for years that a cyber attack would cause more worldwide disruption than COVID-19.
