Chinese hackers called out by Australia, US amid fresh warning about cyber attacks
Spy agencies have sounded the alarm after Chinese hackers lived in some US critical industries for up to five years unnoticed.
Chinese hackers have lived in the networks of some critical US industries for “at least five years,” according to a statement co-signed by Australia’s spy agency.
State-sponsored hacking group, Volt Typhoon, sought to position itself to conduct a destructive cyber attack in the event of a major crisis, or if the two countries were to go to war.
The claim was published in a cyber security warning from six US agencies as well as Five Eyes partners – Australia, Canada, New Zealand and the UK.
“Our evidence strongly suggests that the PRC actors are pre-positioning to launch future disruptive or destructive cyber attacks that could cause impact to national security, economic security or public health and safety,” the report said.
It warned “PRC state-sponsored” hackers have targeted key infrastructure, “primarily in Communications, Energy, Transportation Systems, and Waste and Wastewater Systems Sectors — in the continental and non-continental United States and its territories.”
Security cameras at unnamed facilities had also been broken into.
The spy agencies also sounded the alarm on Australia’s own critical infrastructure, indicating it could also be vulnerable.
The hackers’ “choice of targets and pattern of behaviour is not consistent with traditional cyber espionage or intelligence gathering operations,” the report said.
“The US authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”
The report outlined the Beijing-backed hackers scoped and accessed IT systems years ago and then tailored their tactics and techniques to snake their way to more sensitive systems and information.
“This assessment is supported by observed patterns where Volt Typhoon methodically re-targets the same organizations over extended periods, often spanning several years, to continuously validate and potentially enhance their unauthorized accesses,” it said.
Coalition defence spokesman Andrew Hastie welcomed the move to publicly call out China’s actions.
“I think our relationship with China has had some serious bumps over the last six months,” he told reporters in Canberra on Thursday.
“If the People’s Republic of China is conducting cyber-attacks against US infrastructure, then it’s right that we also bring that to light as well, because the best way to discourage cyber-attacks is to bring transparency and make sure that they’re attributed to the people conducting them.”
A government spokesperson said Australia “has joined Five Eyes partners to issue two technical advisories warning of Chinese and Russian state-sponsored cyber actors compromising US critical infrastructure systems and networks”.
“Australian and partner intelligence agencies are concerned the same techniques could be applied against critical infrastructure sectors around the world,” they said.
“The advisories contain advice to mitigate against these threats. Australia expects all countries, including China and Russia, to act responsibly in cyberspace and to adhere to internationally agreed rules.”