FBI Director Chris Wray warns Congress that Chinese hackers targeting U.S. infrastructure as U.S. disrupts foreign botnet "Volt Typhoon"
Washington — Hackers backed by the Chinese government are targeting U.S. water treatment plants and electrical grids, strategically positioning themselves within critical infrastructure systems to "wreak havoc and cause real-world harm to American citizens and communities," FBI Director Christopher Wray told Congress Wednesday.
"There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure," Wray warned the House Select Committee on the Chinese Communist Party, according to excerpts of his remarks obtained by CBS News. "The risk that poses to every American requires our attention — now."
The head of the FBI and other national security officials — including Jen Easterly, who leads the Cybersecurity and Infrastructure Security Agency — are testifying at a congressional hearing focused on the cybersecurity threat posed by China's government.
Wray told Congress that much of the framework upon which Americans rely for daily tasks, like oil and natural gas pipelines and transportation systems, is vulnerable to a cyberattack by hackers supported by China's ruling party.
The Justice Department and FBI announced Wednesday that they've disrupted the hacking operation known as "Volt Typhoon," a China-backed hacking operation that officials said targeted critical infrastructure in the U.S. and other nations.
Active since mid-2021, researchers at Microsoft previously determined it "could disrupt critical communications infrastructure between the United States and Asia region during future crises."
U.S. investigators obtained a court order to delete the botnet malware on infected routers and later took measures to prevent future reinfection. Remotely disabling hackers behind cyberattacks as they did in this case is a new weapon in the U.S. government's cyber defense arsenal.
Volt Typhoon utilizes botnets – networks of infected internet-connected devices that can be used to bring down sensitive targets. Typically, initial access is gained through unsecured home routers or modems.
"Through the course of an investigation, the FBI determined the best action was to conduct a technical operation to decisively neutralize the botnet in a timely and coordinated manner," a senior FBI official said, "curtailing the PRC's ability to further target U.S. entities."
"The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people," Attorney General Merrick Garland said in a statement Wednesday.
Activity by the China-based hacking group reportedly alarmed U.S. officials, given its proximity to Andersen Air Force Base in Guam. China has ramped up its military activities near the island in recent years in response to what Beijing claims is "collusion" between Taiwan and the U.S.
The naval port in Guam would play a critically important role in launching any U.S. military response in the event of a Taiwanese invasion. Microsoft noted at the time that Chinese intelligence and military hackers routinely prioritize espionage and the gathering of information.
Last week, senior officials from the National Security Agency (NSA) warned that part of the PRC's strategy behind Volt Typhoon could be to distract the U.S. in the event of conflict over Taiwan.
"This is unique in that it's prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on a domestic incident at a time when something's flaring up in a different part of the world," said Rob Joyce, cybersecurity director at NSA, adding that the PRC doesn't "want us facing the foreign aspects of that."
"[T]he reason it's a whole-of-government effort is because every sector, potentially, is being targeted and impacted and we really have to be all in unison on how we're doing mitigation," added Morgan Adamski, chief of the NSA's Cybersecurity Collaboration Center, which works with private sector companies to detect and prevent against cyber threats.
Joyce said efforts were ongoing across the government to convince China's leadership that civilian targets should be out of bounds.
"We have to get to the point where PRC leadership decides that the embarrassment in the international community of being caught at this, the horror of the international community that somebody would hold civilians at risk with cyber is intolerable," he said.
Earlier this month, the FBI and CISA also pushed out a new alert, warning that Chinese-manufactured drones, or UAS, pose a "significant risk" to critical infrastructure and U.S. national security.
"The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities, jeopardizing U.S. national security, economic security, and public health and safety," the bulletin read.
Other top public officials, like Attorney General Merrick Garland, have also warned of the threat China's government poses to Americans' well being, economic prosperity and innovation. In the last year, the Justice Department has announced novel cases calling out Chinese chemical companies for aiding the fentanyl epidemic and secret Chinese police stations working to quiet Chinese dissidents living in the U.S.
"Today, and literally every day, they're actively attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data," Wray told Congress Wednesday. "They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents."
Chinese embassy spokesperson Liu Pengyu said in response to Wednesday's testimony: "The Chinese government has been categorical in opposing hacking attacks and the abuse of information technology. The United States has the strongest cyber technologies of all countries, but has used such technologies in hacking, eavesdropping more than others. We urge the U.S. side to stop making irresponsible criticism against other countries on the issue of cybersecurity."
Last year, the Justice Department launched the Disruptive Technology Strike Force to target rival nations like China that seek to use American high-tech advances to undermine national security and upset the rule of law.
U.S. officials are paying more attention to how foreign adversaries try to use investments to gain access to American technology and data. In announcing the department's new initiative last February, Deputy Attorney General Lisa Monaco said the Biden administration is looking at options to enable federal regulators to monitor the flow of American money into foreign tech sectors, while making sure those funds do not advance the national security interests of other nations, including China.
