U.S. Disables Chinese Hacking Operation That Targeted Critical Infrastructure
WASHINGTON—The U.S. government said it had disrupted a uniquely dangerous Chinese hacking operation that hijacked hundreds of infected routers and used them to covertly target American and allied critical infrastructure networks, in what senior officials described as a campaign by Beijing to position itself to detonate potentially damaging cyberattacks in any future conflict.
Wednesday’s announcement was part of a coordinated effort by senior Biden administration officials to underscore concerns about China’s advanced and well-resourced hacking prowess, which Western intelligence officials say has grown by leaps and bounds in terms of skill and sophistication over the past decade. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks.
“The United States will continue to dismantle malicious cyber operations—including those sponsored by foreign governments—that undermine the security of the American people,” Attorney General Merrick Garland said.
The Justice Department and Federal Bureau of Investigation took action in December after obtaining court approval to dismantle a botnet, or network of hacked devices, consisting of small office and home office, or SOHO, routers.
Most of the routers were Cisco and Netgear products that were vulnerable because they had reached so-called end-of-life status, meaning they were no longer receiving routine security updates from the manufacturers. The infected routers weren’t necessarily linked to the critical infrastructure networks the hackers targeted, officials said, but were nodes used to conceal their malicious activity from easy detection.
Officials were able to delete the botnet from the routers and sever their connection with the hackers.
China has consistently denied carrying out cyberattacks against the U.S. or other nations while saying American spy agencies are guilty of such conduct. The Chinese Embassy in Washington didn’t immediately respond to a request for comment.
FBI Director Chris Wray, in testimony before the House China committee on Wednesday, issued an unusually stark warning about the threat posed by Chinese cyber intrusions into U.S. critical infrastructure networks.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray said, according to prepared remarks.
Though officials didn’t specify the types of critical infrastructure targeted in the disrupted campaign, Wray said Chinese hackers had been targeting “our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems.”
For nearly a year the U.S. and its closest allies, along with private-sector firms such as Microsoft, have been sounding alarms about a recent campaign waged by Chinese hackers to gain access to sensitive computer networks that operate communications, manufacturing, transportation, maritime and other critical sectors. Officials and industry experts have said the hacking campaign, dubbed Volt Typhoon, has targeted parts of the U.S. and Guam, an American territory in the Pacific that hosts major military installations.
Microsoft has said Volt Typhoon is pursuing capabilities that could disrupt communication infrastructure between the U.S. and Asia in a future crisis. Some U.S. officials have said they are worried the hacking activity could be aimed at preparing to undermine American support for Taiwan in the event of a Chinese invasion of the island, which Beijing claims as its own territory.
Write to Dustin Volz at [email protected]