FBI director warns Chinese hackers aim to ‘wreak havoc’ on U.S. critical infrastructure
FBI Director Christopher Wray warned about the growing threat of Chinese cyberattacks against U.S. electrical grids and other infrastructure in an appearance Wednesday morning before the House Select Committee on the Chinese Communist Party.
“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” said excerpts of Wray’s prepared testimony released by the FBI.
Wray also argued that “there has been far too little public focus” on Chinese hackers’ targeting critical infrastructure in the U.S., such as water treatment plants, electrical grids, oil and natural gas pipelines and transportation systems, according to the prepared remarks.
“And the risk that poses to every American requires our attention — now,” his prepared testimony said.
As Wray testified, the Justice Department and the FBI announced they had disabled a Chinese hacking operation that had infected hundreds of small office and home routers with botnet malware that targeted critical infrastructure.
The Justice Department said the hackers, known to the private sector as “Volt Typhoon,” used privately owned small routers that were infected with “KV botnet” malware to conceal further Chinese hacking activities against U.S. and foreign victims.
Wray addressed the malware in his testimony, emphasizing that it targets critical infrastructure in the U.S.
“The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation and water sectors — steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous,” Wray said in his testimony.
The majority of the routers affected by the hackers were vulnerable because they had reached “end of life” status and were no longer supported by their manufacturers’ security patches or other software updates, the Justice Department statement said. The court-authorized operation deleted the malware from the routers and took additional steps to sever their connections with the botnet.
At Wednesday’s hearing, the director of the federal Cybersecurity and Infrastructure Security Agency, Jen Easterly, testified that Americans should expect efforts by China to wage influence campaigns online relating to the 2024 election. However, she added that she was confident that voting systems and other election infrastructure are well-defended.
“To be very clear, Americans should have confidence in the integrity of our election infrastructure because of the enormous amount of work that’s been done by state and local election officials, by the federal government, by vendors, by the private sector since 2016,” Easterly said in her testimony.
Wray emphasized that the “cyber onslaught” of Chinese hackers “goes way beyond pre-positioning for future conflict,” saying in the prepared remarks that the hackers are “actively attacking” U.S. economic security every day, engaging in “wholesale theft of our innovation and our personal and corporate data.”
“And they don’t just hit our security and economy. They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents,” the excerpts said.
Wray’s remarks add to a series of stark warnings he has issued about the Chinese government’s hacking capabilities. In an interview with NBC News in 2022, Wray said that he was shocked to learn the scale of Chinese efforts to steal U.S. technology when he became FBI director in 2017 and that the FBI had launched an average of two counterintelligence investigations a day to counter those threats.
China-linked hackers last year breached the email accounts of the State and Commerce departments, as well as the U.S. ambassador to China, Nicholas Burns. The Cybersecurity and Infrastructure Security Agency said at the time that the targeted intelligence-gathering campaign lasted around a month.