China secretly acknowledges Volt Typhoon attacks on US infrastructure: why?


Unusually, Chinese officials admitted in a secret meeting with American counterparts that Beijing was indeed behind last year’s cyberattacks on US infrastructure. The question is, why? The US might not like the answer.

According to The Wall Street Journal, American officials were stunned when their Chinese colleagues mentioned the cyberattacks by Volt Typhoon, a China-based state-sponsored operation, during a previously undisclosed December summit in Geneva.

In early 2024, US agencies publicly attributed the Volt Typhoon attacks – intrusions into computer networks at US ports, water utilities, airports, and other targets – to Beijing.


The Americans felt publicity was needed to warn the country about China’s alleged campaign to gain a foothold in US systems. But the US was also used to China vehemently denying any sort of link to criminality, blaming the incidents on individual gangs, or accusing America of imagining things.

Naturally, then, the room was startled when, according to the WSJ, Wang Lei, a top cyber official with China’s Ministry of Foreign Affairs, “indicated” that the hacks were connected with American support for Taiwan, an island Beijing claims is Chinese territory.

One US official told the WSJ that Wang’s comments came after the Americans pointed out that China didn’t appear to understand how dangerous prepositioning in civilian critical infrastructure was.


To be fair, Wang didn’t directly state that China was responsible for the hacking. But the Americans perceived the comments as a not-too-subtle attempt to scare the US away from supporting Taiwan if a kinetic conflict over the island erupts.

“China wants US officials to know that, yes, they do have this capability, and they are willing to use it,” Dakota Cary, a China expert at SentinelOne, told the WSJ.

However, Sean Tufts, managing partner for critical infrastructure and operational technology at the cybersecurity firm Optiv, told Cybernews he thought that the Chinese move was actually difficult to explain.

“We are not used to China showing their hand. Their modus operandi is always to deny, cover, and distract. It makes me think they are distracting us with Volt/Salt Typhoon to cover other activities,” said Tufts.


“Using this to deter the US from defending Taiwan makes short-term sense but it’s not a military strategy – unless the Volt Typhoon is stronger or weaker than expected.”

According to US national security experts, breaches like the Volt Typhoon attacks could enable China to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations.

Volt Typhoon still appears to be active. In March, researchers at Cisco Talos discovered that several hacking groups, tracked as UAT-5918, were targeting critical infrastructure in Taiwan, and said in a blog post: "We assess that UAT-5918's post-compromise activity, tactics, techniques, and procedures, and victimology overlaps the most with Volt Typhoon, Flax Typhoon, Earth Estries, and Dalbit intrusions we’ve observed in the past."