The scale of China's recent attempts to penetrate U.S. infrastructure has surprised the entire cybersecurity industry, experts said.
Daniel Cuthbert, a member of the UK Government's Cybersecurity Advisory Committee, said the Bolt Typhoon hacking system was larger than anything China had previously unleashed.
The US government says Bolt Typhoon is designed to cripple US computer systems in the event of a war between the US and China.
FBI Director Christopher Wray told a U.S. committee hearing on January 31 that Bolt Typhoon was “the defining threat of our generation.”
It has already been used in hacking attempts against emergency services, military installations, and satellites.
“Bolt Typhoon is essentially a very large-scale campaign by Chinese state agents to actively seek access to industrial control systems and other critical national infrastructure,” Cuthbert told Newsweek.
“Similar campaigns have been going on for a very long time, but I think what surprised a lot of people, including me, was the scale of the campaign.”
Cuthbert said it was a mistake to think that China was only targeting the United States.
“Not only does it pose a threat to the United States, it poses a threat to everyone in the CNI [Critical National Infrastructure] world. There are a lot of fairly complex problems in that world when it comes to security that are not easy to solve. We feel that significant investment is needed here to make our CNI as secure as possible around the world,” he said.
Cuthbert believes Bolt Typhoon will be difficult to defeat because it uses techniques that allow it to “live off the land.”
According to cybersecurity firm CrowdStrike, unlike traditional malware attacks, living-off-the-land attacks do not use any files of their own. This means that the attacker does not need to install any code or script within the target system.
Instead, the attacker uses tools that already exist on the computer system, such as Windows administration tools. This makes the intrusion much more difficult to contain and allows hackers to remain undetected within computer systems for months or even years.
On February 7, the U.S. government's Cybersecurity Agency issued a statement blaming the Chinese government for Bolt Typhoon and saying it was designed to bring down U.S. computer systems in the event of a war or hostile relationship between the two countries.
“U.S. authoring agencies have confirmed that Bolt Typhoon compromised the IT environments of multiple critical infrastructure organizations, primarily in the telecommunications, energy, transportation systems, and water and wastewater systems sectors, in the continental and non-continental United States and its territories, including Guam,” the statement said.
“U.S. authoring agencies are concerned that these attackers could use their network access to have devastating effects in the event of potential geopolitical tensions or military conflict,” it added.
“Bolt Typhoon's selection of targets and behavior patterns are inconsistent with traditional cyber espionage and intelligence gathering operations.”
Newsweek contacted the Chinese embassy in Washington, D.C., for comment via email.
Steve Morgan, founder of Cybersecurity Ventures, told Newsweek the impact of Bolt Typhoon “could have been catastrophic.”
“Our most formidable adversaries have been lurking unnoticed in America's critical infrastructure for years. Fortunately, the FBI, NSA, and CISA have had enough time to intervene, alerted and advised our critical infrastructure, and averted one of our worst nightmares.”
“China is on a decades-long mission to infiltrate and harm American people, businesses, organizations of all kinds, governments, and political parties.”
“Hacking is getting more intense every year, and there is no end in sight,” he said.
Newsweek is committed to challenging conventional wisdom, finding common ground and finding connections.