A senior NSA cyber official said the U.S. is still unable to identify victims targeted in a massive Chinese-backed hacking campaign that was the subject of recent FBI takedown operations and other recommendations from officials. He said that
Rob Joyce, the agency's outgoing cybersecurity director, said Friday that the U.S. still has discovered victims of the Bolt Typhoon hacking group, which has infiltrated critical infrastructure through compromised equipment such as internet routers and cameras. He said that the NSA's efforts are not yet finished. eradicate such threats.
The covert operation, said to be backed by the Chinese government, allowed the hackers to conceal their intrusions into the systems of the United States and foreign allies for at least five years, officials previously announced. .
The FBI announced in January that it had abandoned much of the group's operations due to compromised equipment. These claims were subsequently confirmed by private sector analysis. But Friday's comments show there is still a ways to go before Bolt Typhoon is completely eradicated from U.S. networks.
Joyce declined to say exactly how many victims remain, but he said Chinese cyber spies rely on stolen administrator credentials and use techniques that are difficult to detect. He said that this has made it easier to obtain information. Misuse of masks.
He said the Bolt Typhoon group is conducting “station maintenance” operations to prepare for the destruction of key infrastructure such as transportation networks. As for when a demolition order would be issued by Chinese authorities, officials assessed it would be a “pretty high bar” in case of a large-scale conflict, such as a possible Chinese invasion of Taiwan, he said. Ta.
Previous US reports said the Bolt Typhoon hackers were using “land survival techniques” to hide within systems and evade detection at US facilities on Guam and other facilities on Guam. They pointed out that they had infiltrated key infrastructure.and outside the US
Joyce added that the NSA was able to detect the Bolt Typhoon hacker using technology backed by advanced artificial intelligence tools. It was also touted by Joyce's successor, David Lubar, who was present at the media briefing.
A senior FBI official previously said the Chinese hacker group was detected through Section 702 of the Foreign Intelligence Surveillance Act, which allows the spy agency to pick up foreign communications and use them in national security investigations. Officials at the time declined to comment on whether this authority was specifically used to investigate Bolt Typhoon, but stressed that it was critical to cyberspace operations.
Section 702, which is set to expire next month without reauthorization by Congress, states that the tool can sweep domestic communications during intelligence-gathering operations, and the policy requires Americans to use the amendments to the U.S. Constitution. It is being challenged by civil liberties groups who say it violates Title IV rights. The ordinance grew out of Bush administration surveillance measures enacted in 2008 and was intended to provide a legal framework for U.S. intelligence agencies' spying capabilities after the September 11 attacks, including communications data sharing and other Removed common data type silos.
Mr Joyce emphasized the spying powers, calling them “absolutely essential” powers, adding that he “remains concerned” about whether Congress will reauthorize them by next month. He did not provide details about Congress's efforts to reform the powers with provisions such as warrant requirements, deferring to the White House's position on the discussion.
Intelligence leaders said in January that a Chinese-backed hacking campaign against the United States had reached a new level of complexity and that the federal government was unable to thwart the Chinese-led cyber threat amid widespread diplomatic tensions between the two countries. He issued a stern warning to lawmakers, saying they needed to work hard to achieve this goal. .
Mr. Joyce also said that China is working more closely with hacking operations like Russia that seek to sow division in the U.S. political process, an issue that could flare up further as the November presidential election approaches. He said that there is a sex.
An assessment released this week by the IC said China, Russia, and Iran are capable and willing to launch cyberattacks aimed at interfering with the U.S. election process. China may seek to influence the outcome of the November election “to avoid criticism of China and to widen divisions in American society,” the white paper said.