{"id":641494,"date":"2024-10-13T17:00:00","date_gmt":"2024-10-13T14:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/meet-the-chinese-typhoon-hackers-preparing-for-war\/"},"modified":"2024-10-13T17:00:00","modified_gmt":"2024-10-13T14:00:00","slug":"meet-the-chinese-typhoon-hackers-preparing-for-war","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/meet-the-chinese-typhoon-hackers-preparing-for-war\/","title":{"rendered":"#Meet the Chinese &#8216;Typhoon&#8217; hackers preparing for war"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which top U.S. officials have described as an \u201cepoch-defining threat.\u201d<\/p>\n<p class=\"wp-block-paragraph\">In recent months, U.S. intelligence officials said Chinese government-backed hackers have been burrowing deep into the networks of U.S. critical infrastructure, including water, energy and transportation providers. The goal, officials say, is to lay the groundwork for potentially destructive cyberattacks in the event of a future conflict between China and the U.S., such as over a possible Chinese invasion of Taiwan.<\/p>\n<p class=\"wp-block-paragraph\">\u201cChina\u2019s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,\u201d FBI Director Christopher Wray told lawmakers earlier this year.<\/p>\n<p class=\"wp-block-paragraph\">The U.S. 
government and its allies have since taken action against the \u201cTyphoon\u201d family of Chinese hacking groups, and published new details about the threats they pose.<\/p>\n<p class=\"wp-block-paragraph\">In January, the U.S. disrupted \u201cVolt Typhoon,\u201d a group of Chinese government hackers tasked with setting the stage for destructive cyberattacks. Later in September, the feds hijacked a botnet run by another Chinese hacking group called \u201cFlax Typhoon,\u201d which masquerades as a private company in Beijing and whose role was to help conceal the activities of China\u2019s government hackers. Since then, a new China-backed hacking group called \u201cSalt Typhoon\u201d emerged, capable of gathering intelligence on Americans \u2014 and potential targets of U.S. surveillance \u2014 by compromising the wiretap systems of U.S. phone and internet providers.<\/p>\n<p class=\"wp-block-paragraph\">Here\u2019s what we know so far about the Chinese hacking groups gearing up for war.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-volt-typhoon\"><span class=\"ez-toc-section\" id=\"Volt_Typhoon\"><\/span>Volt Typhoon<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Volt Typhoon represents a new breed of China-backed hacking groups, no longer just aimed at stealing sensitive U.S. secrets, but rather preparing to disrupt the U.S. military\u2019s \u201cability to mobilize,\u201d according to the FBI\u2019s director.<\/p>\n<p class=\"wp-block-paragraph\">Microsoft <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/24\/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques\/\">first identified<\/a> Volt Typhoon in May 2023, finding that the hackers had targeted and compromised network equipment, such as routers, firewalls, and VPNs, since mid-2021 as part of an ongoing and concerted effort to infiltrate deeper into U.S. 
critical infrastructure. In reality, it\u2019s likely the hackers were operating for much longer, potentially for as long as five years.<\/p>\n<p class=\"wp-block-paragraph\">Volt Typhoon compromised thousands of internet-connected devices in the months following Microsoft\u2019s report, exploiting vulnerabilities in devices that were considered \u201cend-of-life\u201d and as such would no longer receive security updates. The hacking group subsequently managed to compromise the IT environments of multiple critical infrastructure sectors, including aviation, water, energy, and transportation, pre-positioning itself for future disruptive cyberattacks.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,\u201d said John Hultquist, chief analyst at security firm Mandiant.<\/p>\n<p class=\"wp-block-paragraph\">The U.S. government <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.justice.gov\/opa\/pr\/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical\">said in January<\/a> that it had successfully disrupted a botnet, used by Volt Typhoon, consisting of thousands of hijacked U.S.-based small office and home network routers, which the Chinese hacking group used to hide its malicious activity aimed at targeting U.S. critical infrastructure. 
The FBI said it was able to remove the malware from the hijacked routers, severing the Chinese hacking group\u2019s connection to the botnet.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-flax-typhoon\"><span class=\"ez-toc-section\" id=\"Flax_Typhoon\"><\/span>Flax Typhoon<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Flax Typhoon, first outed in <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/08\/24\/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations\/\">an August 2023 report from Microsoft<\/a>, is another China-backed hacking group that officials say has operated under the guise of a publicly traded cybersecurity company based in Beijing. The company, Integrity Technology Group, has publicly acknowledged its connections to China\u2019s government, according to U.S. officials.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In September, the U.S. government said it had taken control of another botnet, used by Flax Typhoon, which was made up of hundreds of thousands of internet-connected devices and leveraged a custom variant of the infamous Mirai malware.<\/p>\n<p class=\"wp-block-paragraph\">U.S. officials said at the time that the Flax Typhoon-controlled botnet was used to \u201cconduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices.\u201d Prosecutors said the botnet run by Flax Typhoon allowed other China government-backed hackers to \u201chack into networks in the U.S. 
and around the world to steal information and hold our infrastructure at risk.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Microsoft\u2019s profile of the government-backed group, Flax Typhoon has been active since mid-2021, predominantly targeting \u201cgovernment agencies and education, critical manufacturing, and information technology organizations in Taiwan.\u201d The Department of Justice said it corroborated Microsoft\u2019s findings and that Flax Typhoon also \u201cattacked multiple U.S. and foreign corporations.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-salt-typhoon\"><span class=\"ez-toc-section\" id=\"Salt_Typhoon\"><\/span>Salt Typhoon<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">The latest \u2014 and potentially most ominous \u2014 group in China\u2019s government-backed cyber army uncovered in recent months is Salt Typhoon.<\/p>\n<p class=\"wp-block-paragraph\">Salt Typhoon hit headlines in October for a much more sophisticated operation. As <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b\">first reported by the Wall Street Journal<\/a>, the China-linked hacking group is believed to have compromised the wiretap systems of several U.S. telecom and internet providers, including AT&amp;T, Lumen (formerly CenturyLink), and Verizon.<\/p>\n<p class=\"wp-block-paragraph\">According to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.washingtonpost.com\/national-security\/2024\/10\/06\/salt-typhoon-china-espionage-telecom\/\">one report<\/a>, Salt Typhoon may have gained access to these organizations using compromised Cisco routers. The U.S. 
government is said to be in the early stages of its investigation.<\/p>\n<p class=\"wp-block-paragraph\">While the scale of the internet provider compromises remains unknown, the Journal, citing national security sources, said the breach could be \u201cpotentially catastrophic.\u201d By hacking into systems that law enforcement agencies use for court-authorized collection of customer data, Salt Typhoon potentially gained access to data and systems that house much of the U.S. government\u2019s requests \u2014 including the potential identities of Chinese targets of U.S. surveillance.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not yet known when the breach occurred, but WSJ reports that the hackers may have held access to the internet providers\u2019 wiretap systems \u201cfor months or longer.\u201d<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2024\/10\/13\/meet-the-chinese-typhoon-hackers-preparing-for-war\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Of the cybersecurity risks facing the United States today, few loom larger than the potential 
sabotage capabilities posed by China-backed hackers, which top U.S. officials have described as an \u201cepoch-defining threat.\u201d In recent months, U.S. intelligence officials said Chinese government-backed hackers have been burrowing deep into the networks of U.S. critical infrastructure, including water, energy&#8230;<\/p>\n","protected":false},"author":1,"featured_media":641495,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/10\/China-flag-code-Getty.jpg?resize=1200,700","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75269,4973,70375,79365,70513,72287,152325],"class_list":["post-641494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-us-government","tag-china","tag-cybersecurity","tag-evergreen","tag-hacking","tag-security","tag-state-sponsored-hacking"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=641494"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/641494\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/641495"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=641494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=641494"},{"taxonomy":"post_tag","embeddable":true,
"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=641494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}