Chinese cyber warriors are preparing to cripple U.S. military logistics in the Indo-Pacific, according to current and former officials alarmed by a newly revealed hack targeting Guam.
“They targeted key communications, transportation, and maritime systems across the U.S. with a focus on Guam, where U.S. military mobility for the Indo-Pacific is absolutely vital to our security,” Rep. Mike Gallagher (R-WI), who chairs the House Select Committee on the Chinese Communist Party, said Thursday.
BIDEN AND GOP BLAME EACH OTHER FOR DEFAULT THEY INSIST WON'T HAPPEN
Gallagher issued that statement one day after Microsoft alleged that “a state-sponsored actor based in China” has conducted a “stealthy and targeted” campaign to infiltrate the infrastructure linking the United States to Guam — a U.S. territory and one of the main American military outposts in the Pacific. And Secretary of State Antony Blinken’s team underscored the extended range of the operation, known as Volt Typhoon.
“We are aware of recent activity by a People’s Republic of China-sponsored cyber actor to develop a presence in digital networks across the U.S. critical infrastructure sector,” State Department spokesman Matthew Miller told reporters on Thursday. “And the U.S. intelligence community assesses that China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems.”
Gallagher offered a similar warning. “Everyone, from our armed services to banks, telecoms, and transportation industries, and CISA, FBI, and NSA, must be vigilant and work together to address these vulnerabilities and counter malign actions taken by our adversaries against what keeps our military and our country running,” he said.
The announcement comes almost exactly two years after cyberattackers reportedly based in Russia used ransomware to shut down Colonial Pipeline for several days in May of 2021. The attempt to lurk in those systems has been perceived in Western circles as an ominous indication of Beijing’s intent.
“We need, as a government, to realize this is probably [in the] planning and preparing for operations phase,” Heritage Foundation senior visiting fellow Brian Cavanaugh, a former White House National Security Council senior director, told the Washington Examiner. “This shift in where they’ve targeted, it was very focused in a theater that could potentially be under conflict, and that, to me, is an interesting shift.”
A senior Chinese diplomat dismissed the alert as a "collective disinformation campaign launched by the U.S.,” when Microsoft outlined a two-year effort to lurk in “critical infrastructure organizations” that underpin U.S. operations in the region.
“The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” the Microsoft bulletin warned Wednesday. “Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.”
That allegation was echoed by the U.S. and the rest of the Five Eyes bloc, which includes Australia, Canada, the United Kingdom, and New Zealand.
“The Australian government has joined with a number of other security agencies from around the world to advise that there have been evidence-based attacks on critical infrastructure associated with the United States and that the origin of those attacks has been the Chinese government,” Australian Home Affairs Minister Clare O’Neil said Wednesday.
Microsoft and the government agencies identified “potential indicators associated with these techniques ... [to] help net defenders hunt for this activity on their systems,” as the Australian cybersecurity officials put it. Yet Beijing cited the Five Eyes consensus as a reason for disbelieving Microsoft.
“Apparently, this has been a collective disinformation campaign launched by the U.S. through the Five Eyes to serve its geopolitical agenda,” Chinese Foreign Ministry spokeswoman Mao Ning told reporters. “The involvement of certain company in the report you mentioned indicates that the U.S. is using additional channels to spread disinformation other than through government agencies.”
Australian opposition lawmakers inferred that the cyber operations are even wider than reported.
“This is a particularly malign behavior to target civilian infrastructure like this, and it’s not acceptable,” said Australian Sen. James Paterson, the home affairs minister’s opposition counterpart. “There’s no doubt in my mind that if this is happening in U.S. critical infrastructure networks, then it’s happening on our networks, too.”
Such preparations are consistent with Chinese General Secretary Xi Jinping's "very aggressive" posture toward the U.S., Cavanaugh suggested, noting that Beijing continues to refuse U.S. offers to establish dialogue channels between the two militaries.
"They're posturing proactively for conflict,” he said. “Does it mean they're going to get to conflict? No, but they are proactively posturing in a manner that would lead you to believe that they're prepared to take action.”
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
Yet they’re not the only ones with that kind of reach in cyberspace, Cavanaugh noted, saying the U.S. is “better than the headlines” about Chinese cyberattacks might suggest.
“I have confidence that the Cyber Command at NSA have the U.S military in a position to be able to continue to project force downfield, downrange,” he said. “It’ll be interesting if this goes anywhere because you’ll have the two global powers ... from the cyber technology standpoint — the U.S. and China represent the two biggest technological powers.”