Security officials warn that hackers linked to the Chinese government have attacked and shut down U.S. water, gas, and electricity supplies, and are also targeting public utilities and transportation systems.

The Washington Post reports that a hacking group affiliated with China's People's Liberation Army is working to destroy major infrastructure such as America's electricity, water, communications, and transportation systems.

China's cyber intrusions have hit ports and utilities, officials say - The Washington Post

According to the Washington Post, it has been confirmed that hackers affiliated with the People's Liberation Army of China have infiltrated the networks of about two dozen important organizations, including water facilities in Hawaii, major ports on the U.S. West Coast, and oil and gas pipelines. These intrusions are thought to be part of a strategy to cause panic on the American side and disrupt logistics in the event of a war between the United States and China.

Since around 2022, the US government has been investigating a large-scale cyber attack campaign called “Volt Typhoon.” Morgan Adamski, director of the National Security Agency's (NSA) Cybersecurity Cooperation Center, said, “Volt Typhoon's activity appears to be focused on targets within the Indo-Pacific region, including Hawaii.”

Microsoft warns that Chinese government-affiliated hacker group “Volt Typhoon” is conducting espionage activities targeting critical infrastructure - GIGAZINE

According to US officials, Hawaii is a particular target of cyberattacks. Hawaii is the home base of the Pacific Fleet, and it is thought that the intention is to reduce America's military strength even a little in the event that China invades Taiwan.

Attacks on infrastructure-related networks are not new. In 2012, Telvent, a Canadian company that remotely controlled major natural gas pipelines in the North American area, was notified that sophisticated hackers had breached its firewall and stolen data related to its industrial control systems. According to cybersecurity company Mandiant, the hacking was determined to have been carried out by Unit 61398, a hacking group of the Chinese People's Liberation Army, whose five main members were indicted in 2014 on suspicion of hacking into American companies.

At the time of the incident, it was not clear whether the purpose of the hack was to gather information or whether it was a preliminary maneuver to cause chaos. However, as the targeted facility contained little information of political or economic value, it is believed to be part of a sabotage operation.

Brandon Wales, executive director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), said, “China's operations to compromise critical infrastructure would be dangerous in the event of war between the United States and China. It is clear that it would pre-arrange for critical infrastructure to be disrupted or destroyed, or that it would prevent the United States from exerting force against China. It would create a crisis in Asia or create social chaos within the United States. It could cause problems or influence our decision-making.”

Cyber attacks by the Chinese government do not break in and destroy on the spot; rather, the attackers break in, build tunnels in the infrastructure, and prepare for attacks later. Therefore, although their intrusions are usually reconnaissance-level, they are expected to turn into attacks all at once if the Chinese government gives the order.

In the summer of 2021, the Biden administration introduced cyber regulations for oil and gas pipelines after an oil pipeline on the East Coast of the United States was attacked by ransomware. Additionally, the Environmental Protection Agency announced in March 2023 that states would be required to report on cyber threats during audits of public water systems. However, the Environmental Protection Agency's decision was rescinded after some states criticized it as going too far.

“The most difficult part is determining that a breach has occurred and ensuring that the attackers are removed once the breach is detected,” Adamski said. The NSA recommends mass-resetting network administrative passwords and increasing monitoring of accounts with high network privileges. It also urges businesses to require more secure forms of multi-factor authentication, such as hardware tokens, rather than relying on emails that can be intercepted by foreign governments.

in Security, Posted by log1i_yk