The Chinese are reportedly targeting US infrastructure in the latest wave of cyberattacks
After the recent suspicious cyber attack on a water treatment plant in the US, which the officials of this country believe came from Iran, there is another cycle of attacks on American infrastructure facilities, this time also on energy facilities. Now, however, the Chinese are reportedly targeting key infrastructure through groups linked to the Asian nation’s military, according to US authorities.
US administration officials say the Chinese military is targeting a number of water and energy facilities across the country and that transportation systems are among the obvious targets. As the Washington Post writes, the groups that carry out the attacks do so in order to develop a broader attack plan that they would implement in the event of a war between these two world powers.
Disabling key infrastructure after the outbreak of hostilities would slow logistics, create potential hysteria in populated areas, and ultimately destabilize the nation.
The cyber attacks are allegedly carried out by groups associated with the People’s Liberation Army of China, and hackers have infiltrated twenty to thirty locations across the country, according to unnamed US officials in a statement to the aforementioned portal.
Among the targets were water infrastructure in Hawaii, a Texas power grid operator, a West Coast port and at least one oil and gas pipeline. Although the attacks are serious, no critical control systems have apparently been breached.
The well-known Chinese hacking group Volt Typhoon, which has previously been linked to the Chinese military, is a possible perpetrator, and has previously been known to use a wide range of sophisticated hacking tactics such as LOTL (Living Off the Land). This type of hacking uses legitimate tools that are already present on the victim’s system that helps them execute and sustain the attack. Unlike traditional malware that relies on files moderated to the victim, LOTL attacks are fileless.
Brandon Whales, executive director of the Cyber Security and Infrastructure Security Agency (CISA), says these attacks serve to pre-position themselves to disrupt or destroy critical infrastructure in the event of a conflict between the two states. He also says for the American portal that they represent a significant change compared to Chinese cyber activity seven to ten years ago, which was mainly focused on political and economic espionage.