Truth, Inspiration, Hope.

Chinese Military Hackers Have Compromised Dozens of America’s Key Infrastructure Assets, WAPO

Published: December 11, 2023
Chinese hackers backed by the PLA are engaged in many forms of cyber crime.
Chinese hackers backed by the PLA are engaged in many forms of cyber crime. (Image: NICOLAS ASFOURI/AFP via Getty Images)

According to U.S. officials and cyber security experts, hackers with China’s People’s Liberation Army (PLA) have compromised dozens of key American infrastructure sites, including power, utility and communications assets, the Washington Post reported on Dec. 11.

Experts say that these assets, which number over two dozen, were all compromised over the past year and may be a ploy by the communist regime to prepare to disrupt an American response to a military attack by Beijing on Taiwan. 

“The intrusions are part of a broader effort to develop ways to sow panic and chaos or snarl logistics in the event of a U.S.-China conflict in the Pacific,” the Washington Post reported.   

In addition, several entities outside of the U.S. have been identified as compromised by the PLA’s cyber army, say the experts who wish to remain anonymous due to the sensitivity of the matter. 

Infrastructure assets that have been identified as compromised by the PLA include a water utility in Hawaii and an unspecified gas pipeline.

There is also evidence that the hackers have attempted to gain access to Texas’s power grid, which operates outside of the broader American electricity grid. However, authorities say that attempts to compromise Texas’ grid all failed. 

U.S. officials said that none of the intrusions impacted any industrial control systems or critical functions and that there have been no disruptions in service due to the intrusions.

“But they said the attention to Hawaii, which is home to the Pacific Fleet, and to at least one port as well as logistics centers suggests the Chinese military wants the ability to complicate U.S. efforts to ship troops and equipment to the region if a conflict breaks out over Taiwan,” the Washington Post wrote. 


‘Volt Typhoon’ 

The PLA’s cyber campaign is being called “Volt Typhoon” by American authorities and was first detected last year by the U.S. government. 

Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) told the Washington Post, “It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” adding that, “That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”

Volt Typhoon “appears to be focused on targets within the Indo-Pacific region, to include Hawaii,” Morgan Adamski, director of the National Security Agency’s Cybersecurity Collaboration Center, said. 

Joe McReynolds, a China security studies fellow at think tank the Jamestown Foundation, believes the hackers are looking for ways to get into systems without being detected by stealing credentials in order to “build tunnels” into their enemies’ infrastructure.   

He says that currently the Chinese operation appears to be focused on reconnaissance, however could be easily transitioned to an attack.

McReynolds, who claims to have seen internal Chinese military documents on the matter, says the PLA’s strategy is to synchronize air and missile strikes while disrupting command-and-control networks all while compromising critical infrastructure including satellite networks and logistics systems relied on by the U.S. military.


‘Living off the land’

Last May, the Five Eyes intelligence alliance, which includes the United States, Canada, Britain, New Zealand and Australia, tabled strategies to detect the hackers. The alliance alleges that Chinese hackers are evading detection by mimicking normal internet activities, a strategy called “Living off the land.”

Adamski told the Washington Post, “The two toughest challenges with these techniques are determining that a compromise has occurred, and then once detected, having confidence that the actor was evicted.”

America’s National Security Agency (NSA) is recommending mass password resets and improved monitoring of high-privilege network credentials. 

In addition, the NSA says that text message authentication needs to be replaced with hardware tokens because text messages can be easily intercepted by bad actors. 

Chinese cyber intrusions were reportedly on the agenda when Biden recently met with Chinese dictator Xi Jinping, however the matter never came up during their four hour meeting.