Image of Chinese hackers infiltrating networks. (Generated by Grok AI)
[People News] On Wednesday, March 5, the U.S. Department of Justice (DOJ) announced indictments against 12 Chinese hackers and officials from China’s Ministry of Public Security. On the same day, the U.S. House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party (CCP) held its first public hearing of the new Congress under the theme: “Ending the Typhoon: How to Counter Beijing’s Cyber Operations and Strengthen America’s Weak Cyber Defenses.”
According to a report by Voice of America (VOA), the threat posed by Chinese hackers is drawing increasing attention from both the U.S. government and cybersecurity experts. No longer limited to stealing commercial secrets, these hackers are now targeting critical U.S. infrastructure, government agencies, political organizations, and even presidential campaign teams. Recent cyber operations attributed to Chinese hackers—such as Volt Typhoon, Salt Typhoon, and Silk Typhoon—demonstrate this strategic shift. Experts have repeatedly warned that China’s cyber threats have evolved from economic espionage into a serious national security risk.
The DOJ’s latest indictment has exposed a sophisticated hacker-for-hire industry. Of the 12 individuals charged by the U.S. government, eight were linked to i-Soon Information Technology Co., Ltd., a private Chinese cybersecurity firm. These individuals were allegedly hired by the Chinese government to carry out large-scale cyberattacks against dissidents, media outlets, defense contractors, and government agencies. They also reportedly sold stolen information to the Chinese authorities.
On the same day, the U.S. House Select Committee on the CCP held a hearing titled “Ending the Typhoon: How to Counter Beijing’s Cyber Operations and Strengthen America’s Weak Cyber Defenses.” The committee warned that China’s cyber threats are part of Beijing’s broader strategy to undermine the American way of life. Committee leaders stated, “China’s infiltration of our critical infrastructure is like a loaded gun aimed directly at the American people.”
Meanwhile, former U.S. national security officials have called for immediate action to mitigate the risk of Chinese hackers disrupting critical U.S. infrastructure. They specifically urged Washington to ban the use of Chinese-made networking equipment, such as TP-Link routers.
On January 22, the U.S. House Committee on Homeland Security also held a hearing on cybersecurity. During the hearing, members of Congress and cybersecurity experts warned that the threat from Chinese hackers had reached an unprecedented level. Committee Chairman Mark Green, a Republican from Tennessee, stated, “China has already embedded itself within our infrastructure.”
He further warned, “This means that if we enter a conflict with the CCP, the Chinese Communist Party could shut down our essential services at any time—including communications, power grids, ports, and water systems.”
These warnings highlight the shifting landscape of U.S.-China cyber conflicts. In the past, Chinese hacking operations primarily focused on stealing trade secrets and large-scale consumer data to boost China’s economic development. However, recent developments indicate a significant shift in both targets and methods, transforming Chinese cyber activities into a crucial strategic tool in potential geopolitical conflicts.
A Wall Street Journal report published on January 4 detailed how Chinese hackers have evolved from “petty cyber thieves” into “military weapons.” The report described how a series of cyber operations, codenamed Typhoon, pose serious threats to U.S. infrastructure and communication networks. These hacking campaigns not only demonstrate the increasingly sophisticated techniques used by Chinese cyber operatives but also underscore their role as “cyber soldiers” on the digital frontlines of geopolitical conflicts.
Brandon Wales, former senior cybersecurity official at the U.S. Department of Homeland Security, told The Wall Street Journal that if a future conflict erupts between the U.S. and China, America’s computer networks will be a primary battleground.
Below are some of the most significant Chinese cyberattacks in recent years:
Volt Typhoon: Attacks on Infrastructure
Volt Typhoon is believed to be a hacker group backed by the Chinese Communist Party's military, primarily targeting the critical infrastructure of the United States, including energy, water, communication, and transportation systems. A key feature of these attacks is long-term infiltration, which lets the hackers learn how these systems operate and sets the stage for potential future disruptions.
Key Cases:
🔘 Hawaii water company: Hackers remained inside the network for as long as nine months, thoroughly studying the operations of the water plant.
🔘 Los Angeles utility company: The hackers attempted to gather specific information about emergency response plans.
🔘 Guam communication network: Hackers breached critical communication facilities, positioning themselves ahead of potential military action in the Taiwan Strait.
🔘 Port of Houston: In August 2021, hackers exploited a vulnerability in a password management server to quickly access the encrypted passwords of all employees. Although the attack was promptly thwarted, it may have left a hidden entry point.
🔘 Small air traffic control facilities on the West Coast: Disrupting these could interfere with flight scheduling and affect civilian life.
🔘 Sectors such as manufacturing, education, and construction: These targets indicate that the hackers are trying to gain a comprehensive understanding of the operational systems in critical areas of the United States.
The aim of these attacks is to gain insight into the operational methods of infrastructure systems rather than to directly steal data.
"Microsoft analysts have noted that they are observing new behaviors from the Chinese Communist Party, with a significant number of Chinese hackers simultaneously infiltrating critical infrastructure that appears to have little espionage or commercial value," reported The Wall Street Journal.
Acting on information from Microsoft and other intelligence sources, federal agents opened investigations across the United States, visiting over a dozen locations during 2022 and 2023 and hearing similar accounts at each. The victims' cybersecurity levels were generally low, and some were not even aware that they had been compromised. The hackers typically did not install malware or steal sensitive data such as trade secrets, government secrets, or personal information; instead, they primarily sought to gain access to the systems and understand how they work.
U.S. security officials told the newspaper that the Volt Typhoon attacks were "at least partially aimed at disrupting military supply lines in the Pacific region and otherwise hindering the U.S. ability to respond to potential conflicts with the Chinese Communist Party (CCP), including actions related to a possible invasion of Taiwan."
However, some officials noted that Volt Typhoon's targeting of a small air traffic control facility on the West Coast and several water treatment plants suggests that "hackers are seeking ways to inflict harm on American civilians, including disrupting flight paths or shutting down local water treatment facilities."
George Barnes, a former deputy director of the National Security Agency, told The Wall Street Journal that he suspects Beijing's intention is to allow these hackers' actions to be exposed, thereby intimidating the U.S. against intervening in potential conflicts over Taiwan. Barnes believes that once a war erupts in the Taiwan Strait, the U.S. "will become the primary target of destructive cyberattacks, aside from Taiwan."
Salt Typhoon: Attacks on Telecommunications Networks
Salt Typhoon is another hacker group believed to be linked to the Chinese Communist Party's Ministry of State Security, primarily targeting U.S. telecommunications networks and surveillance systems. These attacks highlight how deeply Chinese Communist hackers have penetrated U.S. communication infrastructure and point to their possible political and military motives.
Attack Targets:
🔘 Senior government officials and legislators: Targets included current President Donald Trump and members of former Vice President Kamala Harris's 2024 campaign team, as well as the call audio of sitting senior government officials.
🔘 Court-ordered surveillance systems: The group stole a list of individuals monitored by the U.S. government under court orders, which includes people suspected of being Chinese Communist agents.
🔘 "The focus of these hackers is somewhat regional: the call records of personnel working in Washington, D.C. and its surrounding areas are their primary targets. They accessed call event data records for over one million users, including date and timestamp, source IP address and target IP address, phone numbers, and unique phone identifiers," reported The Wall Street Journal.
Silk Typhoon: Attacks on Cloud and Internet Supply Chains
A recent report from Microsoft's Threat Intelligence team has unveiled a new hacking operation by the Chinese Communist Party (CCP) group known as Silk Typhoon (formerly tracked as Hafnium), which has adopted a novel cyber attack strategy on a global scale. Unlike its earlier attacks, which primarily targeted vulnerabilities in Microsoft Exchange servers, Silk Typhoon has redirected its focus toward the IT supply chain, abusing remote management tools, cloud applications, and API keys to breach the defenses of businesses and government entities and then move into the networks of their downstream clients.
One notable attack attributed to Silk Typhoon occurred last December, targeting the U.S. Department of the Treasury and its then Secretary, Janet Yellen.
According to a report by the Washington Post at the time, "Yin Kecheng infiltrated a U.S. software supplier, BeyondTrust, successfully breaching sensitive offices within the U.S. Department of the Treasury, including those responsible for economic sanctions, and obtaining some non-classified documents from Secretary Yellen." BeyondTrust serves as a contract supplier for the U.S. Department of the Treasury.
Microsoft's report describes Silk Typhoon as a "resource-rich and technically adept" hacking organization backed by the Chinese government, characterized by:
🔘 Exploiting zero-day vulnerabilities to swiftly launch large-scale attacks. (A zero-day vulnerability is a security flaw in software or hardware that attackers exploit before the developers have had a chance to discover or fix it.)
🔘 Compromising the IT supply chain to obtain initial access through managed service providers, cloud storage providers, and remote management tools;
🔘 Infiltrating cloud environments, breaching cloud security controls, and acquiring sensitive data from the U.S. government, businesses, and legal institutions.
Microsoft's cybersecurity experts assert that these attacks suggest that hackers affiliated with the Chinese Communist Party (CCP) are evolving their strategies from traditional single-point breaches to more extensive supply chain attacks, aiming to target a wider array of entities.
Cybersecurity specialists emphasize that cyber espionage cannot be entirely eliminated. Adam Segal, a scholar at the Council on Foreign Relations in New York who focuses on the CCP and cyber warfare, noted in an article published in Foreign Affairs that the CCP leadership views the information gained from these operations as vital to its national security and foreign policy. They also believe that the United States is engaging in similar cyber espionage against the CCP. "In these types of attacks, the attacker often holds an advantage over the defender, making it unlikely that the CCP can be 'persuaded' to cease these activities," Segal wrote.
Nevertheless, he pointed out that this does not mean the United States must passively endure these attacks. He believes the Trump administration can counter its adversaries more effectively through the following measures:
🔘 Promoting technological modernization to bolster cyber defense capabilities;
🔘 Enhancing support for critical infrastructure operators to improve security in key sectors;
🔘 Expanding U.S. counteractions against CCP hackers, actively disrupting their cyber operations, and raising the costs associated with their attacks.
Segal also highlighted the differences between American cyber espionage and the similar activities of rival nations, including the Chinese Communist Party. He stated, "In conducting cyber espionage, the United States and its allies focus solely on legitimate national security interests, avoiding the pursuit of economic gains, refraining from excessive data collection on ordinary citizens, and ensuring that third parties are not harmed."