US officials said they disrupted a sweeping Chinese cyber-spying operation that targeted critical American infrastructure entities and could be used against the United States in a future geopolitical crisis.
The operation, conducted jointly by the US Department of Justice and the FBI, weeded out malicious Chinese software from a network or “botnet” of hundreds of compromised US routers, both agencies said in a statement.
The US and its key allies disclosed the Chinese campaign, dubbed Volt Typhoon, in May 2023 when analysts at Microsoft found it had targeted everything from US telecommunication networks to transportation hubs.
As state-sponsored hacking becomes an increasingly powerful espionage and foreign policy tool, the United States has scaled up efforts to counter digital intrusions by rivals China and Russia.
“This operation disrupted the efforts of (People’s Republic of China) state-sponsored hackers to gain access to US critical infrastructure that (China) would be able to leverage during a future crisis,” Assistant Attorney General Matthew Olsen of the Justice Department’s National Security Division said in a statement.
Some analysts say that crisis could be a Chinese invasion of Taiwan, in which case China could use its infiltration into US networks as part of Volt Typhoon to its advantage.
China last year dismissed the allegations by the US and its partners on Volt Typhoon as a “disinformation campaign.”
A spokesperson at China’s embassy in Washington called them “irresponsible criticism” this week.
“The Chinese government has been categorical in opposing hacking attacks and the abuse of information technology,” the spokesperson said, alleging in turn that the United States was involved in hacking and “eavesdropping more than other countries.”
The disruptive American operation involved taking down hundreds of US-based small office or home office routers that were part of the botnet and had been hijacked by China’s state-sponsored hackers, Sean Newell, deputy chief of the Justice Department’s National Security Division, said during a media briefing by phone.
“These cyber actors use this botnet to conceal the hacking of US and foreign critical infrastructure among other malicious cyber activities,” Newell added.
Most of the infected routers were made by the technology firms Cisco and Netgear and were “end-of-life” or older-generation devices that were not being updated with the latest security measures, officials said.
A court order allowed the agencies to remove the malicious software from the infected routers and disconnect them from the network of devices that had been compromised by Volt Typhoon, they added.
Reuters exclusively reported earlier this week on the US operation against Chinese hacking.
It is unclear how many American devices have been infected by the Chinese campaign, but the US statement said the FBI was continuing to investigate.