Allies warned Beijing-backed cyber hackers using home computers to access power grids
AUKUS partners have been warned about a sinister shift in Beijing-sponsored cyber actors now targeting civilians.
Australian intelligence has been warned Beijing state-sponsored hackers might look to “preposition” malware in ordinary home Wi-Fi routers as a backdoor to attack power and water grids.
Attempting cyber assaults directly on critical infrastructure or government and military agencies is not new and China-based hackers have persistently tried this here in recent times.
But American intelligence has told AUKUS partners of a sinister shift in Beijing-sponsored cyber actors now targeting civilians with outdated home internet routers as springboards to hack into critical national infrastructure including electricity and water, transport, aviation, hospitals and communications.
The sleeper hack could sit undetected for years before being unleashed.
The warning came as the FBI in the US said it found malware planted by the Beijing-backed hacking group Volt Typhoon in outdated, mostly NetGear and Cisco, home and small office routers of hundreds of unsuspecting Americans.
It used the vulnerable domestic civilian routers to disguise its offshore origins, thereby making it easier to then reach inside utilities.
The malware was not aimed at stealing an individual’s savings or identity or being used for espionage, but rather at setting up to infiltrate critical national infrastructure for an attack and create mass disruption.
Civilian home routers or those in small businesses were much less likely to have had security patch upgrades than larger industry networks, public agencies or suppliers.
While Volt Typhoon has not specifically been found here yet, Australia’s former national security adviser and head of the Australian Cyber Security Centre (Australian Signals Directorate) Alastair MacGibbon said you wouldn’t know.
“Is China state inside Australia today? 100 per cent. That is not too long a bow to draw,” Mr MacGibbon said.
“Is it Volt Typhoon? Not that anyone is publicly saying but it could be absolutely because no-one has full visibility of what’s going on. By its nature when you look at the commentary coming out of the US out of date routers in homes and small business to use as jumping points.
“Are there out of date routers in Australia that the government can’t see? Yes of course and possibly could be controlled by a foreign nation. This is the nature of what we are trying to defend against, this is complex ageing technology that was never designed to be as connected as it is and we run our whole society on it.”
Mr MacGibbon, chief strategy officer at leading cyber security group CyberCX, said it’s sad but rational to expect a foreign adversary to look to preposition malware to ultimately attack a nation’s infrastructure.