The United States dismantles a network of “zombie” machines used by Chinese state hackers

The United States has dismantled a network of connected devices used by Chinese state hackers to hide their activities, the FBI and the US Department of Justice announced on Wednesday January 31.

In the United States, the Chinese hacker group Volt Typhoon used a large number of previously infected home routers – the equivalent of the “boxes” that equip many French homes – as a rear base for its operations. By routing traffic through them, the group gave the impression of acting from American territory and so concealed its activities against “critical infrastructure”.

This “botnet” was notably used by Volt Typhoon for the cyber operations denounced by the United States and its closest allies in May 2023. Microsoft, which had studied the group’s activity, then estimated that its aim was most likely to “develop their capacity to disrupt critical communications infrastructure between the United States and Asia in anticipation of future crises”. This comes in a context where tensions between China and the United States, particularly around the situation in Taiwan, are increasing.


Targeted sensitive sectors

“Volt Typhoon malware allowed China to hide while targeting our communications, energy, water and transportation sectors”, Christopher Wray, the director of the FBI, confirmed on Wednesday. “This pre-positioning constitutes a real threat to our physical security.”

The FBI obtained authorization from the American courts to connect remotely to each of the routers forming this “botnet” and to send them commands that removed Volt Typhoon’s access and prevented it from regaining control. These routers, Cisco and Netgear models, were old and no longer received security updates.

Despite the extensive evidence accumulated by Western governments and the cybersecurity industry over almost two decades, China has always denied carrying out cyberespionage operations.

This is not the first time that the United States has carried out this type of operation intended to take down computer infrastructure used by hackers: in April 2022, a few weeks after the start of the Russian invasion of Ukraine, the FBI rendered inoperative a “botnet” that could have been used by Russian intelligence services to carry out attacks. Such operations follow the new American cyber defense strategy, which, in addition to measures to secure computer networks, calls for offensive action to prevent opposing hackers from operating.

“The United States will continue to dismantle malicious cyber operations, including those supported by foreign governments that threaten the security of the American people”, warned US Attorney General Merrick Garland. The pressure exerted by Beijing’s spies in the field of cyber espionage is a source of growing concern, in the United States as in Europe.

Le Monde
