US officials believe Chinese hackers could still have access to sensitive US computer networks they’ve targeted in recent months as a top American cyber official told CNN he is concerned about the “scope and scale” of the activity.
The newly revealed Chinese government-backed hacking campaign, which targeted key US sectors like maritime and transportation networks, is “unacceptable” because the hackers sought access to networks that might allow them to disrupt critical services in the future, National Security Agency Director of Cybersecurity Rob Joyce said in an interview on Thursday.
US officials are still trying to verify that Chinese hackers have been kicked out of networks they’ve broken into during the monthslong campaign, Joyce said, adding that the NSA has been investigating the Chinese hacking effort since last year.
The Chinese hackers targeted an unnamed organization on the US Pacific territory of Guam as part of a likely effort to develop capabilities that could disrupt “critical communications infrastructure” between the US and Asia in the event of a crisis, Microsoft said in revealing the activity on Wednesday.
The alleged targeting of critical infrastructure in Guam adds to ongoing US concerns that China could be using its cyber capabilities in anticipation of a future conflict with the US in the Pacific.
The hackers have tried to burrow into many organizations with no apparent intelligence value and to “preposition” themselves in US computer networks for potential future operations, Joyce told CNN.
The US and its allies immediately amplified Microsoft’s findings on Wednesday and urged infrastructure operators to check their networks for compromise. The Chinese government denied the allegations and in turn accused the US of conducting hacking operations in China.
It’s a new front in tensions in cyberspace that have permeated the US-China relationship for years. It follows uproar in the US over the Chinese spy balloon that the Pentagon shot down in February.
Russia, too, has long sought footholds in US critical infrastructure, according to US officials and private experts. But Joyce – who has spent more than two decades at the NSA and has worked on offensive cyber operations – said the newly revealed Chinese activity stood out to him.
“I think the difference here is how brazen it is in scope and scale,” Joyce told CNN. “So, we need to empower everybody to be able to defend against it.”
The NSA – a vast US electronic spying agency with a foreign mission – used its intelligence capabilities to study the Chinese hackers’ tools and to verify the sensitive US infrastructure they targeted, Joyce said. In addition to maritime and transportation organizations, the hackers went after US government agencies and manufacturing and construction firms, among other targets, according to Microsoft.
“We assess this is prepositioning against critical infrastructure – more broadly than just [potentially] interrupting communications,” Joyce told CNN, adding: “We do agree with the Microsoft assessment.”
The targeting of Guam is of particular concern because it plays a key part in US military efforts to counter and deter China’s territorial ambitions in the Pacific. The US Marine Corps in January chose Guam as the place to open its first new base in 70 years, a facility that officials expect to host 5,000 Marines.
Republican Rep. Mike Gallagher of Wisconsin told CNN on Thursday that “US military mobility for the Indo-Pacific is absolutely vital to our security” while expressing concern about the new alleged Chinese hacking operation.
US officials are concerned that Chinese hackers have created footholds in Taiwan’s critical infrastructure that Beijing may use to disrupt key services like electricity in the event of a Chinese invasion of Taiwan, a senior US defense official told reporters in March.
“There is virtually no question that, if the US were to get directly involved in a conflict with China over Taiwan, China would seek use its cyber capabilities to ensure that US forces are less effective in combat,” said Jamil N. Jaffer, founder and executive director of the National Security Institute at George Mason University’s law school.
“Given this, the access to critical infrastructure that China is developing in Guam and elsewhere represents an important and growing risk to the ability of the US to effectively respond in the case of a conflict with China,” Jaffer told CNN.
Taiwanese cybersecurity experts saw a familiar foe in the Microsoft report and immediately began checking their systems for signs of compromise.
“We saw similar techniques and attacks in Taiwan,” said Sung-ting Tsai, CEO of Taiwanese cybersecurity firm TeamT5. Tsai said his analysts are still investigating but haven’t matched the hackers mentioned by Microsoft to a known Chinese hacking group.
The longer game some Chinese hackers are playing in Taiwan is to “penetrate into the target networks [and] environments, try everything to make themselves invisible, stay in the critical systems, then make disruptions when they need,” Tsai told CNN.