US disrupts Chinese hacking campaign targeting critical infrastructure, officials say

By Zeba Siddiqui

(Reuters) - U.S. officials said on Wednesday they disrupted a sweeping Chinese cyber-spying operation that targeted critical American infrastructure entities and could be used against the United States in a future geopolitical crisis.

The operation, conducted jointly by the U.S. Department of Justice and the FBI, weeded out malicious Chinese software from a network or "botnet" of hundreds of compromised U.S. routers, both agencies said in a statement.

The U.S. and its key allies disclosed the Chinese campaign, dubbed Volt Typhoon, in May 2023 when analysts at Microsoft found it had targeted everything from U.S. telecommunication networks to transportation hubs.

As state-sponsored hacking becomes an increasingly powerful espionage and foreign policy tool, the United States has scaled up efforts to counter digital intrusion efforts by rivals China and Russia.

"This operation disrupted the efforts of (People's Republic of China) state-sponsored hackers to gain access to U.S. critical infrastructure that (China) would be able to leverage during a future crisis," Assistant Attorney General Matthew Olsen of the Justice Department's National Security Division said in a statement.

Some analysts say that crisis could be a Chinese invasion of Taiwan, in which case China could use its infiltration into U.S. networks as part of Volt Typhoon to its advantage.

China last year dismissed U.S. and its partners' allegations on Volt Typhoon as a "disinformation campaign." A spokesperson at China's embassy in Washington called them "irresponsible criticism" on Wednesday.

"The Chinese government has been categorical in opposing hacking attacks and the abuse of information technology," the spokesperson said, alleging in turn that the United States was involved in hacking and "eavesdropping more than other countries."

The disruptive American operation involved taking down hundreds of U.S.-based small office or home office routers that were part of the botnet and had been hijacked by China's state-sponsored hackers, Sean Newell, deputy chief of the Justice Department's National Security Division, said during a media briefing by phone.

"These cyber actors use this botnet to conceal the hacking of U.S. and foreign critical infrastructure among other malicious cyber activities," Newell added.

Most of the infected routers were made by the technology firms Cisco and Netgear and were "end-of-life" or older-generation devices that were not being updated with the latest security measures, officials said.

A court order allowed the agencies to remove the malicious software from the infected routers and disconnect them from the network of devices that had been compromised by Volt Typhoon, they added. Reuters exclusively reported earlier this week about the U.S. operation against Chinese hacking.

It is unclear how many American devices have been infected by the Chinese campaign, but the U.S. statement said the FBI was continuing to investigate.

(Reporting by Zeba Siddiqui in San Francisco and Christopher Bing and Rami Ayyub in Washington; Editing by Lisa Shumaker, Chizu Nomiyama and Jonathan Oatis)