
WASHINGTON, DC - 31 JANUARY: (L-R) Commander of the U.S. Cyber Command Army Gen. Paul Nakasone; Jen Easterly, Director of the Homeland Security Department's Cybersecurity and Infrastructure Security Agency; and FBI Director Christopher Wray testify before the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on 31 January 2024 in Washington, DC. The Committee heard from intelligence officials on China's cyber threat to the United States. (Photo by Kevin Dietsch/Getty Images)

FBI: Nation-State Efforts to Damage Critical Infrastructure Disrupted

U.S. officials said they disrupted a state-backed Chinese effort to potentially disrupt and damage civilian infrastructure, including water treatment plants, the electrical grid, and transportation systems.

The U.S. Department of Justice (DOJ) announced on 31 January that the FBI had worked with partners to identify Wi-Fi routers that had been infected with malware allegedly originating from a Chinese government-sponsored hacking group, Volt Typhoon.

“The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached ‘end-of-life’ status; that is, they were no longer supported through their manufacturer’s security patches or other software updates,” the DOJ explained. “The court-authorized operation deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.”

In an appearance before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, FBI Director Christopher Wray said, “The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors—steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous.”

In the same hearing, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly added, “This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes—all to ensure that they can incite societal panic and chaos and to deter our ability to marshal military might and citizen will.”

The Volt Typhoon hackers were allegedly using the botnet on home routers as a stepping stone to hide in U.S. Internet traffic while burrowing into the networks of critical infrastructure, lying in wait until the opportune time to strike and disrupt operations, according to the Associated Press.

Easterly also called out software developers, who she said have been insulated from responsibility for security defects in their products. “This has led to misaligned incentives that prioritize features and speed to market over security, leaving our nation vulnerable to cyber invasion. That must stop. Technology companies must help ensure that China and other cyber actors cannot exploit defects in technology products to saunter into the open doors of our critical infrastructure to prepare destructive attacks. They must build and deliver products that are secure by design.”

The two governments regularly accuse each other of cyber intrusions, and China denounced the latest allegations as baseless.

For more information on the state of critical infrastructure protection, check out the new edition of Security Technology.