Chinese Hacking Campaign Targeting Critical Infrastructure Spanning Five Years, According to US Reports

By Raphael Satter

WASHINGTON (Reuters) – An advanced group of Chinese hackers targeting U.S. critical infrastructure has been active for up to five years, according to a joint statement from American and allied intelligence agencies released on Wednesday.

The U.S. National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Transportation Security Administration revealed that the group, referred to as "Volt Typhoon," has infiltrated networks across various sectors, including aviation, rail, mass transit, highways, maritime, pipelines, and water and sewage systems.

While specific organizations were not disclosed, the statement noted that American intelligence officials have detected the hackers maintaining access within victim IT environments for at least five years.

This announcement, co-signed by cybersecurity agencies from the U.K., Australia, Canada, and New Zealand, marks another warning regarding Volt Typhoon, which is particularly concerning to officials due to its focus on potential sabotage rather than just espionage.

The extensive nature of these cyber activities has prompted discussions between the White House and private technology companies, including several telecommunications and cloud computing firms, as the U.S. government seeks assistance in monitoring the hackers’ actions.

Recently, reports emerged that the U.S. government initiated measures to combat Volt Typhoon by remotely disabling certain aspects of its operations.

"We are extraordinarily concerned about malicious cyber activity from the PRC state-sponsored actor known as Volt Typhoon," said Eric Goldstein, a senior official at CISA, prior to the statement’s release. He emphasized that many of the identified victims hold no legitimate espionage value.

The news of the joint statement was initially reported by CNN.