By Glenn Thrush and Adam Goldman
Christopher Wray, director of the FBI, warned on Wednesday that China was ramping up an extensive hacking operation geared at taking down the United States’ power grid, oil pipelines and water systems in the event of a conflict over Taiwan.
Wray, appearing before a House subcommittee on China, offered an alarming assessment of the Chinese Communist Party’s efforts. Its intent is to sow confusion, sap the United States’ will to fight and hamper the U.S. military from deploying resources if the dispute over Taiwan, a major flashpoint between the two superpowers, escalates into a war, he added.
Before his testimony, FBI and Justice Department officials revealed that in December, they had obtained a court order that authorized them to gain access to servers infiltrated by Volt Typhoon, a Beijing-directed hacking network that has targeted a range of critical infrastructure systems, often by infiltrating small businesses, contractors or local government networks.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” said Wray, who pressed the committee to increase funding for the bureau.
“Low blows against civilians are part of China’s plan,” he added.
Hackers for Volt Typhoon compromised hundreds of Cisco and NetGear routers, many of them outdated models no longer supported by manufacturer updates or security patches, in an effort to embed an army of sleeper cells that would be activated in a crisis.
In May, U.S. officials warned business, local governments and foreign allies that the group was taking aim at “networks across U.S. critical infrastructure sectors” and was likely to apply the same techniques against other countries.
The operation was stopped before it affected the “legitimate functions” of infrastructure agencies and China did not seem to have collected “content information” from the routers.
The government is informing owners of the equipment, officials said.
Speaking to reporters a day earlier, Gen Paul Nakasone, the director of the National Security Agency and the head of Cyber Command, said his organizations were working with partners to better understand what China was doing with the Volt Typhoon intrusions on critical infrastructure. “We have found the Chinese in our critical infrastructure and that’s just wrong,” he said.
In his testimony, Wray said a major hurdle in countering Chinese hacking operations was the reluctance of small business owners and local governments to inform the FBI of suspicious activity on their networks, which could “prevent the attack from metastasizing to other sectors and other businesses.”
Also on Wednesday, the department unsealed an indictment against four Chinese citizens. They are accused of operating a yearslong conspiracy to smuggle electronic components from the United States to Iran, in violation of long-standing sanctions and restrictions on the export of military technology to the Islamic Republic.
The suspects, who all live in China, are charged with using front companies to funnel components that could be used to build drones and ballistic missile systems to Iran from 2007 to at least 2020, according to the indictment in U.S. District Court in Washington.
As a result, a “vast amount” of U.S. technology was diverted to Iran, prosecutors said. They did not specify the potential harm to national security.
In recent months, the FBI and Justice Department have intensified their warnings about malicious activity by China, Iran and Russia inside the United States. Those include murder-for-hire plots against dissidents, efforts to infiltrate U.S. law enforcement agencies, election interference, intellectual property theft and online breaches like those Wray and cybersecurity officials identified at the hearing on Wednesday.
Beijing has long denied targeting U.S. civilian infrastructure, and senior Chinese officials recently told the national security adviser, Jake Sullivan, that they would not influence the outcome of the 2024 election by infiltrating networks.
American hackers target China’s military and government servers, but have historically avoided the kind of infrastructure attacks directed by Beijing, Nakasone said in his testimony on Wednesday.
“Responsible cyberactors of democracies like our own do not target the civilian infrastructure,” he said. “There’s no reason for them to be in our water. There’s no reason for them to be in our power. This is a decision by an actor to actually focus on civilian targets.”