Security Awareness – Chinese Cyber Threats to Critical Infrastructure

Author: Alec Davison

Created: Tuesday, September 19, 2023 - 18:40

Categories: Cybersecurity, Security Preparedness

Chinese state-sponsored cyber actors represent one of the most pervasive cyber threats facing the U.S. and its Western allies today. In the event of a conflict with the U.S., China would likely launch destructive attacks against critical infrastructure in the homeland, according to the Department of Defense’s (DoD’s) latest Cyber Strategy.

The DoD strategy states that China poses a broad and pervasive cyber espionage threat, with Chinese threat actors routinely conducting malicious cyber activity against the U.S. and its Western allies. Indeed, over the summer, WaterISAC reported on multiple instances of Chinese advanced persistent threat (APT) activity targeting critical infrastructure, specifically related to APT Volt Typhoon. Similarly, last month, CISA Director Jen Easterly warned that the increasing malicious activity of Chinese threat actors was alarming because U.S. officials spent more than a decade defending against Chinese cyberattacks that focused on espionage and theft of financial and technological data. More recently, however, China’s cyber actors are positioning themselves to conduct destructive cyberattacks on U.S. critical infrastructure.

For instance, in July, the New York Times reported that the U.S. government found Chinese threat actors had gained access to the networks of power grids, communications systems, and water supplies for military bases within the U.S. and abroad. The threat actor behind these campaigns, Volt Typhoon, has employed a technique called “living off the land,” in which it uses victims’ existing computer processes rather than introducing new malicious software, which makes it harder to detect.

The tactics, techniques, and procedures and indicators of compromise were highlighted in a joint Cybersecurity Advisory (AA23-144a) published in May. The EPA also recently released a supplemental advisory to the one noted above; members are encouraged to review the advisory’s IOCs and update their network defenses accordingly. Read the full DoD Cyber Strategy or read a related news article here.
