Chinese Hackers Embedded in US Networks for at Least Five Years

(Bloomberg) -- The Chinese state-sponsored hacking group known as Volt Typhoon has been living in the networks of some critical industries for “at least five years,” according to a joint cybersecurity advisory issued by the US and its allies on Wednesday.

The compromised environments are in the continental US and elsewhere, including Guam, the advisory said. It was published by US agencies and their security counterparts in Australia, Canada, the UK and New Zealand.

The report comes a week after US officials announced an operation to disrupt Volt Typhoon by deleting malware from thousands of internet-connected devices the group had hijacked to gain access to the networks in critical parts of the economy. Among the sectors targeted were communications, energy, transportation and water systems.

Addressing Congress last week, FBI Director Christopher Wray said China’s hackers were “positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”

Volt Typhoon uses techniques that have also been put into practice by Russian-affiliated hackers, the report noted. Those include “living off the land,” in which hackers use tools that already exist on the systems they have compromised to stay under the radar.

Even for organizations adopting best practices, distinguishing malicious activity from legitimate behavior is a challenge, the report said. Details of the report were previously published by CNN.

--With assistance from Katrina Manson.

©2024 Bloomberg L.P.