US Stops Chinese Hacker Group 'Volt Typhoon' Threatening Critical Infrastructure
The Chinese president is very serious about handling cyber groups from China. (photo: x @potus)

JAKARTA - A United States government operation has succeeded in shutting down a network controlled by a Chinese hacker group known as "Volt Typhoon." This was first reported by Reuters on Monday, January 29.

The group has alarmed intelligence officials because it is considered part of a larger effort to compromise critical infrastructure in the West, including seaports, internet service providers, and utilities. It has also raised concerns that hackers are trying to weaken US readiness in the event of a Chinese invasion of Taiwan.

Crisis

Almost every country in the world uses hackers to gather intelligence. Great powers like the United States and Russia have a number of such groups, many of which have been given colorful nicknames by cybersecurity experts, such as "Equation Group" or "Fancy Bear."

Experts begin to worry when such groups switch from intelligence gathering to digital sabotage. So when Microsoft Corp revealed in a blog post in May last year that Volt Typhoon "was developing capabilities that could disrupt critical communication infrastructure between the United States and the Asian region during the future crisis," it was immediately linked to rising tensions between China and the United States over Taiwan. A conflict between the two countries would almost certainly involve cyberattacks across the Pacific.

Botnet

Microsoft qualified its assessment last year as "moderate belief," an intelligence term that generally means a theory is plausible and credibly sourced but not yet fully verified. Different researchers have identified various aspects of this group.

It now appears that Volt Typhoon operates by taking over a number of vulnerable digital devices around the world, such as routers, modems, and even internet-connected security cameras, to hide later attacks on more sensitive targets.

Constellations of such remotely controlled systems, known as botnets, are of great concern to security officials because they limit the visibility of cyber defenders who monitor their computer networks for foreign footprints.

Almost all cyber spies work to hide their tracks. The use of botnets by government hackers and criminals to launder their cyber operations is nothing new. This approach is often used when an attacker wants to quickly target multiple victims at the same time or to hide their origin.

China routinely denies carrying out hacking, and has done so in the Volt Typhoon case. However, documentation of Beijing's cyber espionage campaigns has been accumulating for more than two decades. This espionage has come into sharp focus in the last 10 years as Western researchers have connected breaches to specific units in the People's Liberation Army, and US law enforcement has brought charges against a number of Chinese officers for the theft of American secrets.

Secureworks, part of Dell Technologies, said in a blog post last year that Volt Typhoon's interest in operational security likely stems from embarrassment over the persistent US accusations and "pressure is increasing from (China) leadership to avoid public attention to their cyber espionage activities."

President Joe Biden's administration is increasingly focused on hacking, not only out of fear that countries might try to disrupt US elections in November, but also because ransomware attacks caused chaos in the American corporate world in 2023.

