Quote:Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday.

An ongoing Chinese hacking campaign known as Volt Typhoon has successfully gained access to numerous American companies in telecommunications, energy, water and other critical sectors, with 23 pipeline operators targeted, Wray said in a speech at Vanderbilt University.

China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing," Wray said at the 2024 Vanderbilt Summit on Modern Conflict and Emerging Threats. "Its plan is to land low blows against civilian infrastructure to try to induce panic."
Wray said it was difficult to determine the intent of this cyber pre-positioning which was aligned with China's broader intent to deter the U.S. from defending Taiwan.

China claims democratically governed Taiwan as its own territory and has never renounced the use of force to bring the island under its control. Taiwan strongly objects to China's sovereignty claims and says only the island's people can decide their future.
Earlier this week, a Chinese Ministry of Foreign Affairs spokesperson said, opens new tab Volt Typhoon was in fact unrelated to China's government, but is part of a criminal ransomware group.

In a statement, China's Embassy in Washington referred back to the MFA spokesperson's comment. "Some in the US have been using origin-tracing of cyberattacks as a tool to hit and frame China, claiming the US to be the victim while it's the other way round, and politicizing cybersecurity issues."
Wray said China's hackers operated a series of botnets - constellations of compromised personal computers and servers around the globe - to conceal their malicious cyber activities. Private sector American technology and cybersecurity companies previously attributed Volt Typhoon to China, including reports by security researchers with Microsoft and Google.

(04-19-2024, 07:24 AM)Ninurta Wrote: Maybe they should check into hiring some quiet professionals themselves. DO something serious rather than just trying to spook your citizens (especially not vulnerable college kids at Vanderbilt who have no clue as to how the world really is, like Wray did) with how inept you are at securing your own damned infrastructure.

.

(04-19-2024, 11:56 AM)NightskyeB4Dawn Wrote: It has been said that the numbers of those spared the trials and tribulations, will be few.

Prepare for the worse. Keep praying for the best.

Quote:FBI Director Wray Issues Dire Warning on China's Cybersecurity Threat

China Is a Singular Threat

Vanderbilt's choice to focus this year's summit on the challenges posed by the People's Republic of China echoes the Bureau's own assessment of that threat—an assessment we've been beating the drum on for years—because, from the FBI's perspective, these threats are not over the horizon. They're upon us now. 

I'm talking about everything from indiscriminate hacking to economic espionage to transnational repression to fentanyl and the precursor chemicals that are coming out of China and ending up in our communities. What we're facing today is the CCP [Chinese Communist Party] throwing its whole government into undermining the security of the rule-of-law world.

At the FBI, PRC [People's Republic of China] aggression and criminality has required us to commit our counterintelligence, cybersecurity, and criminal investigative resources because the Chinese government's actions have proven, again and again, that it's a combined counterintelligence, cybersecurity, and criminal threat. Part of that threat is driven by the CCP's aspirations to wealth and power. Through plans like "Made in China 2025" and its series of Five-Year Plans, Beijing is seeking to seize economic development in the areas most critical to tomorrow's economy.

And they don't have any reservations about stealing their way to the top. We've seen Beijing hit just about every industry we have—everything from biotech to aviation, to advanced technologies like AI [artificial intelligence], to different forms of healthcare and agriculture—to steal our intellectual property, technology, and research. You could close your eyes and pull an industry or sector out of a hat and, chances are, Beijing has targeted it. The PRC is engaged in the largest and most sophisticated theft of intellectual property and expertise in the history of the world, leveraging its most powerful weapons, starting with cyber.

To give you a sense of the scale of China’s cyber activity, if all of the FBI’s cyber agents and cyber intelligence analysts focused exclusively on China—and not on ransomware, Iran, or Russia—Chinese hackers would still outnumber FBI cyber personnel by at least 50 to 1. And that's probably a conservative estimate because the Chinese government is also showing a penchant for hiring cybercriminals to do its bidding—in effect, cyber mercenaries—further supplementing its cyber workforce.

One thing is clear: China’s hacking program is larger than that of every other major nation, combined. And that size advantage is only magnified by the PRC military and intelligence services’ growing use of artificial intelligence—built, in large part, on innovation and data stolen from us—to enhance its hacking operations, including to steal yet more tech and data.


And the PRC cyber threat is made vastly more harmful by the way the Chinese government combines cyber with traditional espionage and economic espionage—and with its efforts to export its repression and malign influence to other nations, including our own.

A few years ago, we might have said China represents the most significant long-term threat. That’s no longer the best way to describe the danger. The Office of the Director of National Intelligence assessed last year that Beijing is trying to build the capability to deter U.S. intervention in a crisis between China and Taiwan by 2027.

2027 is not exactly long-term. In reality, it’s not even “around the corner.” We’re feeling some of the effects today.

In government, we’re looking at the 2024 budgets being written now as the determinants of what resources we’ll have ready to confront China in 2027. 

In the private sector and academia, too, the investments, partnerships, security, and capabilities you’re building today will dictate how those sectors are prepared—or not—three short years from now. And, as we’ll discuss, we’re also already battling today preliminary steps, which include cyber intrusions and criminal activity, that China is already taking along their march to preparedness.

Critical Infrastructure Threats Are Particularly Alarming

The subject of the PRC’s desire to dictate America’s responses to its aggression is a good segue to our discussion of critical infrastructure because, at the FBI, we’re particularly concerned about the threat Beijing’s activities pose to those sectors.

And there’s no better way to close out this summit than to spend a few minutes reflecting on this singular threat and on what the FBI and our partners—including those here today—can do to safeguard our nation.

To the average person, critical infrastructure is largely invisible. These are sectors whose existence we don’t often think about or appreciate as long as they’re working right. But these vital sectors—everything from water-treatment facilities and energy grids to transportation and information technology—form the backbone of our society.

And what many Americans may not be tracking closely is that China is positioning its enormous hacking enterprise—remember, 50 to 1—for more than "just" the outrageous theft campaign I described a few minutes ago. It’s using that mass, those numbers, to give itself the ability to physically wreak havoc on our critical infrastructure at a time of its choosing.

The PRC has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.

We’ve been countering this growing danger for years now. China-sponsored hackers pre-positioned for potential cyberattacks against U.S. oil and natural gas companies way back in 2011. And while it’s often hard to tell what a hacker plans to do with their illicit network access—that is, theft or damage—until they take the final step and show their hand, these hackers’ behavior said a lot about their intentions.

When one victim company set up a honeypot—essentially, a trap designed to look like a legitimate part of a computer network with decoy documents—it took the hackers all of 15 minutes to steal data related to the control and monitoring systems while ignoring financial and business-related information, which suggests their goals were even more sinister than stealing a leg up economically.

That was just one victim, and we tracked a total of 23 pipeline operators targeted by these actors.

More recently, you may have heard about a group of China-sponsored hackers known as Volt Typhoon. In that case, we found persistent PRC access in our critical telecommunications, energy, water, and other infrastructure sectors. They were hiding inside our networks, using tactics known as “living-off-the-land"—essentially, exploiting built-in tools that already exist on victim networks to get their sinister job done, tools that network defenders expect to see in use and so don’t raise suspicions—while they also operated botnets to further conceal their malicious activity and the fact that it was coming from China. All this, with the goal of giving the Chinese government the ability to wait for just the right moment to deal a devastating blow.

This kind of specific targeting of critical infrastructure is on top of China’s scattershot, indiscriminate cyber campaigns that hit critical infrastructure along with thousands of other victims. One of the most egregious examples of this in recent memory was the 2021 Microsoft Exchange compromise.

In that case, hackers operating out of China exploited previously unknown vulnerabilities—called “zero-day” exploits—and compromised more than 10,000 U.S. networks, moving quickly and irresponsibly to do so before those vulnerabilities were disclosed to the public. The hackers targeted networks across a wide range of sectors, from infectious disease research to defense contractors, and their method was to plant malicious code that created a back door and gave them continued remote access to the victims’ networks.


That campaign echoed earlier PRC attacks on managed-service providers, compromising the companies that serve as gateways to thousands of others who rely on the MSPs [managed-service providers] for data services—and then compromising those customers, in turn.

So, while the recent Volt Typhoon story understandably caused a stir because of the sheer magnitude of the operation, the fact is the PRC’s targeting of our critical infrastructure is both broad and unrelenting. 

The FBI Is a Defender and a Partner

But you know what they say about the best-laid plans. At the FBI, we’ve mobilized across the organization to thwart China’s schemes to steal and sabotage their way to the top. And I think it’s fair to say that there are few parts of the FBI not involved in the China fight—across our 56 field offices, at Headquarters, and in our offices around the world.

One key to being successful in this fight is the FBI’s dual and complementary mission: enforcing federal law and protecting national security. At the Bureau, we’re empowered not just to collect intelligence, but to act on it, and those actions cover a wide range of forms.

To prevent cyberattacks, we can often share what we learn through our collection with network defenders and Intelligence Community partners.

Last year alone, in addition to our individual warnings to potential victims, the FBI published nearly 80 advisories on cyber threats to the private sector, arming network defenders by highlighting new threats and describing adversary technical indicators and tactics. We also exercise our technical capabilities to stop intrusions and protect victims, no matter who is behind the activity. And we take other law enforcement actions, too—steps like seizures and arrests, which are key instruments of disruption and deterrence.

In the China context, we hardly ever take those kinds of steps by ourselves. Our strategy is to lead joint, sequenced operations that bring to bear our authorities—and those of our many partners—in coordinated actions for maximum effect.

As part of those operations, we’re often sharing targeting and other information with partners like U.S. Cyber Command, foreign law enforcement agencies, the CIA, and others—and then acting as one. When it comes to both nation-state and criminal cyber threats, we plan operations with our sights set on all the elements we know from experience make hacking groups tick.

So, we’re going after their people—a term we define broadly to include not just hackers and malware developers, but also the facilitators they depend on, like bulletproof hosters and money launderers. We’re also going after their infrastructure, like their servers and botnets. And we’re going after their money—the cryptocurrency wallets they use to stash their ill-gotten gains or hide financial connections, hire associates, and lease infrastructure.

So, to take the PRC’s Microsoft Exchange compromise as an example, we leaned on our private sector partnerships, identified the vulnerable machines, and learned the hackers had implanted webshells—malicious code that created a back door and gave them continued remote access to the victims’ networks. We then pushed out a joint cybersecurity advisory with CISA to give network defenders the technical information they needed to disrupt the threat and eliminate those backdoors.

But some system owners weren’t able to remove the webshells themselves, which meant their networks remained vulnerable. So, working with Microsoft, we executed a first-of-its-kind surgical, court-authorized operation, copying and removing the harmful code from hundreds of vulnerable computers. 


And those backdoors the Chinese government hackers had propped open? We slammed them shut so the cyber actors could no longer use them to access victim networks.

Similarly, when we discovered Volt Typhoon’s malware being used against critical infrastructure, we joined our U.S. and international partners last spring—and again this February—to first author a series of joint cybersecurity advisories about what we saw, effectively calling out the hackers and sharing technical information victims can use to protect themselves. And then, we followed up those warnings with action aimed at the hackers.

Working with our partners in the private sector, the FBI was able to identify the threat vector and conduct a court-authorized operation—in coordination with others—to not only remove Volt Typhoon’s malware from the routers it had infected throughout the U.S. but also to sever their connection to that network of routers and prevent their reinfection.

What We Need From You

You’ve heard me say several times now this afternoon that private companies, like those represented here, and academic institutions like Vanderbilt are exactly the kinds of partners that have important roles to play when it comes to protecting our most essential networks—and not just as key participants in many of those joint, sequenced operations I mentioned.

The private sector owns the vast majority of our critical infrastructure, so it plays a central defensive role, and also generates vital information about what adversaries are doing—or preparing to do—against us.

But the first thing private industry can bring to the table is vigilance because everything we do in the government and law enforcement space has to be combined with the public’s role in being more discerning and more cyber-literate. 

That includes resiliency planning—things like developing an incident response plan, actually testing and exercising that plan, and fortifying networks and devices to make the attack surface as inhospitable as possible. Companies need to familiarize themselves with each specific threat and its particularities, create a plan tailored to each of those threats, and then actually run through those plans with tabletop exercises. Most importantly, know where your crown jewels are, know how to get back up and running in the event of a breach, and know at what point you’re going to call the FBI for help.

There’s also hardware and supply chains to worry about. I’m sure many of the folks here today are familiar with Solar Winds, the Russian SVR’s supply chain campaign that compromised widely-used IT software and caused thousands of Solar Winds customers to upload malicious backdoors hidden in innocuous-looking software updates. Vetting your vendors, their security practices, and knowing who’s building the hardware and software you’re granting access to your network is crucial, so push for transparency into what vendors and suppliers are doing with your data and how they will maintain it.

That brings me to the final thing we need to build a strong defense, and that’s solid partnerships—as we've discussed, the very foundation of our work confronting Beijing. 

When something goes awry, we need victims to reach out to us immediately because that first victim who reports an intrusion can supply the key information that will enable us not just to help them recover, but also to prevent the attack from metastasizing to other sectors and other businesses. In fact, Volt Typhoon was taken down thanks, in part, to help from the private sector—to companies coordinating with us.

We’ve seen the best outcomes in situations where a company made a habit of reaching out to their local FBI field office even before there was any indication of a problem because that put everyone on the same page and contributed to the company’s readiness. And it’s not just companies. The FBI has long put a premium on building relationships with academic institutions, too.

Building those partnerships means that we can better understand the issues academia faces every day interacting with the PRC, and academia can get a better understanding of national security threats and make informed decisions about how to deal with them.

Speaking of academia, since I find myself here at one of the top universities in the country, I’d be crazy not to talk a bit about the people we need to keep hiring to do all this vital, cutting-edge work.
We need even more smart, driven, talented people in the field to keep America safe—people with the technical skills to keep our cyber workforce world-class. 

So, while I’m here at Vandy, among some of our nation’s best and brightest students about to enter the workforce, here’s a plug for both them and the professors in the audience that those students look to for guidance: We need more people to join our elite team, determining who’s responsible for cyberattacks; planning and running those joint, sequenced operations, to knock our adversaries back; working with victims; and, often, doing all those things in the same day.

We need talented people on our rapid-response Cyber Action Team—deploying across the country often within hours to respond to major incidents—and working with international partners in our offices overseas, seeking justice for victims of cyberattacks.

A job with the FBI could take you anywhere, and there’s no better way to serve a mission you’re proud of while doing work that’s the envy of your friends slogging it out elsewhere.

The FBI doesn’t do easy. We focus on what’s hard, what no one else can do—measured both in our own work and in the adversaries we go up against: the most dangerous intelligence services and criminals in the world.

As we’ve talked about today, the threats America faces—from the PRC and many others besides—are immense, and we’re confronting them right now.

Our way of life—and, in some cases, our very lives—need defending, so think about applying to join us or sending your best and brightest our way.

(04-24-2024, 03:50 AM)EndtheMadnessNow Wrote: ...

Quote:
So, while I’m here at Vandy, among some of our nation’s best and brightest students about to enter the workforce, here’s a plug for both them and the professors in the audience that those students look to for guidance: We need more people to join our elite team, determining who’s responsible for cyberattacks; planning and running those joint, sequenced operations, to knock our adversaries back; working with victims; and, often, doing all those things in the same day.

We need talented people on our rapid-response Cyber Action Team—deploying across the country often within hours to respond to major incidents—and working with international partners in our offices overseas, seeking justice for victims of cyberattacks.

A job with the FBI could take you anywhere, and there’s no better way to serve a mission you’re proud of while doing work that’s the envy of your friends slogging it out elsewhere.

The FBI doesn’t do easy. We focus on what’s hard, what no one else can do—measured both in our own work and in the adversaries we go up against: the most dangerous intelligence services and criminals in the world.

As we’ve talked about today, the threats America faces—from the PRC and many others besides—are immense, and we’re confronting them right now.

Our way of life—and, in some cases, our very lives—need defending, so think about applying to join us or sending your best and brightest our way.

(04-24-2024, 07:12 AM)Ninurta Wrote: A recruitment pitch from Chris Wray to join the FBI is sort of like a request from Chengiss Khan to join the Golden Horde.

Not for me, but if your thing is putting your boot to folks' necks, then it might be a golden opportunity!

.

Quote:The head of the Cybersecurity and Infrastructure Security Agency (CISA) described Chinese cyberattacks against U.S. critical infrastructure as the most serious threat to the nation she has seen in her 30-plus year career.

CISA Director Jen Easterly made the assessment in front of lawmakers during an April 30 hearing of the House Appropriations Subcommittee on Homeland Security while responding to questions about a proposed boost to CISA’s annual budget.

Under the fiscal 2024 budget proposed by President Joe Biden, funding for CISA would increase by $150 million to $3.01 billion. Easterly said a sizable portion of the increase would go towards strengthening the agency’s cyber threat hunting capabilities, with an emphasis on better securing critical infrastructure.

During the past fiscal year, CISA’s hunt teams conducted 97 engagements across federal, state, local and private critical infrastructure entities covering multiple sectors, including communications, water, power and transportation.


The engagements helped unearth Volt Typhoon, a Chinese advanced persistent threat group responsible for infiltrating several critical infrastructure systems.

Despite the hunt teams’ successes, Easterly said the threats CISA and its partners were able to discover and eradicate from critical systems were feared to be just “the tip of the iceberg” in terms of the extent of foreign infiltration.

“We’ve long been focused on cyber threats. Typically, it’s been about data theft, intellectual property theft, espionage. Over the past year we have seen this evolution to pre-positioning into critical infrastructure, specifically for disruption and destruction,” she said.

“We believe that this is just the tip of the iceberg and so we are working with critical infrastructure owners and operators across the country to make sure that they understand this threat, that they can identify and detect this threat in their network, and that they can put in place mitigations that can allow them to reduce the risk of potential mass disruption.”

She told the subcommittee the situation represented “the most serious threat to our nation that I have seen in more than 30 years in the U.S. government.”

Easterly is not alone in expressing grave concerns about China’s recent actions. Officials have intensified their warnings about China’s cyberespionage efforts since last year’s discovery of Volt Typhoon’s multifaceted campaign. FBI director Christopher Wray has called the threat posed by Chinese actors “unprecedented.”


During Tuesday’s House hearing, subcommittee member Rep. Dan Newhouse, R-Wash., asked Easterly if CISA had ever discovered any Chinese-produced technology that it did not consider a cyber risk.

“I would have to say no to that,” she replied.

“I think just broadly we have to assume from everything that we are seeing that there is a very serious risk from Chinese cyber actors and we need to be very mindful of that when we’re building and deploying and using technology infrastructure.”

Easterly said another major chunk of the budget boost CISA was hoping for would go toward growing its field force — staff devoted to advising organizations she described as “target rich, cyber poor.”

As custodians of significant amounts of data or control over critical infrastructure, but with their limited IT budgets, organizations across sectors including education, health and water services benefited significantly from CISA’s guidance and assistance with services including vulnerability scanning, she said.

“We work together [with other agencies] to do probably over a thousand engagements now across the country working with these target rich, cyber poor entities — frankly, the ones who have been the victim of the scourge of ransomware — and we've really been able to help them improve their security and resilience by putting very basic things in place,” Easterly said.

“Ransomware is still in a pretty bad place — but I’ll tell you it would be much, much worse if we didn’t use the [CISA] budget to be able to help shore up some of these target rich, cyber poor entities across the country.”