Saturday, July 13, 2024

Chinese hackers are positioning to strike U.S. critical infrastructure with ‘disruptive or destructive cyberattacks’ if conflict breaks out

Must read

If you’re unfamiliar with Volt Typhoon, you should probably get up to speed.

It’s been a while since cybersecurity researchers and U.S. security agencies shined a light on the activities of the Chinese state-sponsored hacking group. Microsoft said in May that Volt Typhoon has been active since mid-2021, stealthily finding and maintaining access in the networks of critical infrastructure providers, with the likely aim of disrupting U.S.-Asia communications in future crisis situations.

Last week, the Five Eyes intelligence alliance—that’s the U.S., Canada, Australia, New Zealand, and the U.K.—jointly warned that Volt Typhoon had been doing its thing for at least five years. And it’s not just positioning itself to disrupt communications, but preparing for “disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” Communications, energy, transportation, water, and waste treatment systems have all been compromised.

The FBI said several days previously that it had managed to disrupt a Volt Typhoon botnet, but noted that this was only part of the hacking group’s operation, and didn’t say how much disruption they’d caused. “The [Chinese Communist Party’s] dangerous actions—China’s multi-pronged assault on our national and economic security—make it the defining threat of our generation,” FBI Director Christopher Wray told U.S. lawmakers at a House select committee hearing on Jan. 31.

Then, on Tuesday this week, the industrial cybersecurity firm Dragos released a report about the group it calls Voltzite, which it says “shares overlaps” with Volt Typhoon (different research teams like to come up with their own names for what are essentially the same hacking operations, amorphous as those groups can be). It backed up earlier findings such as the group’s targeting of sites in the U.S. territory of Guam—notable for its importance to both the U.S. military and U.S.-Asian telecommunications links.

But Dragos also said that it had last month found evidence of Voltzite compromising an unspecified large U.S. city’s emergency services network, apparently to steal geographical information (it didn’t manage to get into the organization’s operational network). Dragos also spotted Voltzite targeting African electric transmission and distribution providers last August.

Volt Typhoon/Voltzite/Vanguard Panda/Bronze Silhouette/Dev-0391/UNC3236/Insidious Taurus (told you about the blurred-identity thing) uses so-called “living-off-the-land” techniques—modifying legitimate admin tools in the network after gaining access through buggy routers and the like, rather than attacking the network with traditional malware files—to stay low. It still hasn’t played its hand, but there’s every reason to be afraid of that eventuality.

“The concern is the targets they pick across telecommunications, and electric power generation and distribution—these are very strategic targets. It’s not a spray and pray,” Dragos CEO Robert Lee told reporters, according to The Register. “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray told lawmakers.

So remember the name(s). More news below.

David Meyer

Want to send thoughts or suggestions to Data Sheet? Drop a line here.

NEWSWORTHY

NYC mayor tackles social. New York City Mayor Eric Adams has sued Meta, Alphabet, Snap, and ByteDance over their social media platforms’ alleged efforts to “purposefully manipulate and addict children and teens to social media applications.” Reuters reports that the suit was filed in the California Superior Court, and that Meta and Google strenuously deny Adams’ allegations.

Nvidia passes Alphabet. With a market cap of $1.83 trillion, Nvidia is now more valuable than Alphabet. As The Verge reports, the chip giant also surfed the AI wave past Amazon earlier this week. Nvidia is now the world’s fourth most valuable company after Microsoft, Apple, and Saudi Aramco.

Microsoft invests in Germany. Microsoft is making its biggest-ever investment in Germany—around $3.5 billion over the next two years, to build out its cloud and AI infrastructure in the country. The Associated Press reports that Microsoft president Brad Smith made the announcement today in Berlin alongside Chancellor Olaf Scholz. New data centers aside, Microsoft will also fund an AI training program for up to 1.2 million people. Meanwhile, Google, which also just announced a major AI training initiative for Europe, has opened a new Paris hub for its AI teams in the French capital.

ON OUR FEED

“Registration is refused because the applied-for mark merely describes a feature, function, or characteristic of applicant’s goods and services.”

—The U.S. Patent and Trademark Office definitively rejects OpenAI’s attempt to trademark the term “GPT.” That may be how the company markets its AI models, but the USPTO pointed out that the acronym for “generative pre-trained transformers” is widely used in the industry, and was clearly not swayed by OpenAI’s argument that consumers wouldn’t know what the referred-to wording means.

IN CASE YOU MISSED IT

It’s a dark time to be a tech worker right now, by Marco Quiroz-Gutierrez

Startup emerges from stealth with $25 million for robots that lay bricks as fast as humans—and fill the huge shortage of laborers, by Jeremy Kahn

Musk shuttles SpaceX out of Delaware amid plans to construct a $100 million compound in Texas region he wants to rename Starbase, by Amanda Gerut

Nvidia tried and failed to buy Arm for $40 billion in 2020, but it just reported a stake worth $147.3 million, by Bloomberg

Uber’s first profitable year brings another milestone: a $7 billion share buyback plan, its first ever, by Bloomberg

Warren Buffett and ‘Big Short’ investor Michael Burry have shown their cards in the streaming war, courtesy of big bets and major selloffs, by Eleanor Pringle

Cisco Systems announces plan to purge 4,000 workers in second round of layoffs in two years, by the Associated Press

BEFORE YOU GO

Amazon Prime suit. Amazon’s decision to start showing ads to Prime Video subscribers who don’t pony up an extra $2.99 a month has, predictably, sparked an attempted class-action lawsuit. The suit was filed earlier this week by splendidly named subscriber Wilbert Napoleon, who notes that Amazon always marketed Prime Video as being ad-free and therefore argues that he and others were asked to “pay extra to get something they already paid for,” The Register reports.

This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.

Latest article