Chinese hackers infiltrated home wifi routers to attack infrastructure, FBI warns

Date:

Chinese state-sponsored hackers have infiltrated outdated home and office wifi routers in the US in preparation for attacks on electrical grids and water supplies.

A US government investigation found that hundreds of old routers had been infected with malware by a Beijing-backed hacking group known as “Volt Typhoon”.

The FBI on Wednesday said it had deleted the malware that was distributed on the routers of unknowing Americans to gain a foothold in the country’s critical national infrastructure.

The UK’s National Cyber Security Centre has previously warned that hackers backed by the Chinese state were trying to infiltrate Britain’s key infrastructure and hiding in computers to “evade detection”.

The Five Eyes intelligence network of the UK, US, Canada, New Zealand and Australia issued a joint statement last May asking infrastructure providers to be vigilant to Chinese threats. The warning came after Volt Typhoon hacked into a US military outpost in the Pacific Ocean.

Ken McCallum, the director of MI5, said in October that there has been a “sharp rise” in Chinese attempts to steal state secrets in the UK, warning a conference of Western security chiefs: “We all need to be aware, and respond, before it’s too late.”

Volt Typhoon

On Wednesday, the FBI said Volt Typhoon had used its malware to disguise the fact that the hack had been conducted by the Chinese government, adding that the “vast majority” of routers affected were out-of-date Cisco and NetGear machines that had not received recent security updates.

Unlike previous attacks, the hack was directed at internet routers in small businesses and home offices, rather than at government agencies or infrastructure providers.

Christopher Wray, the FBI’s director, warned Congress on Wednesday that the Chinese government was increasingly targeting civilians.

“They’re not focused just on political and military targets. We can see from where they position themselves across civilian infrastructure, that low blows aren’t just a possibility in the event of conflict,” he told the House of Representatives’ select committee on competition with China.

“Low blows against civilians are part of China’s plan. I do want the American people to know that we cannot afford to sleep on this danger.”

Mike Gallagher, the committee’s chairman, said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants”.

“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” he said. “The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”

Hostile ‘botnets’

Analysis by Lumen, a cyber security firm, has found that the hostile Chinese “botnet” has been active on routers in the US for almost two years, and would not be detectable by a user because it does not prevent them from working.

The malware works by infecting a router and attempting to connect with other machines to spread across a network.

The ultimate goal of the hackers is to gain access to infrastructure networks to disrupt daily life for American citizens, officials said.

Government cyber security experts have already discovered Chinese software in aviation, water, energy and transportation infrastructure, and yesterday warned that the public should prepare for an unexpected attack.

The FBI told manufacturers to ensure that security updates were installed automatically on their routers, and require a manual override for the removal of security settings.

Merrick Garland, the US attorney general, said: “The justice department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilising a botnet.

“The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people.”

China has previously described the United States’s accusations that it has sponsored hacks on American civilians as “misinformation”.

Share post:

Popular

More like this
Related