As intelligence chiefs and policymakers gathered for this city’s annual security conference focused on the wars in Ukraine and the Middle East, the director of the Federal Bureau of Investigation urged them not to lose sight of another threat: China.
Christopher Wray on Sunday said Beijing’s efforts to covertly plant offensive malware inside U.S. critical infrastructure networks is now at “a scale greater than we’d seen before,” an issue he has deemed a defining national security threat.
Citing Volt Typhoon, the name given to the Chinese hacking network that was revealed last year to be lying dormant inside U.S. critical infrastructure, Wray said Beijing-backed actors were pre-positioning malware that could be triggered at any moment to disrupt U.S. critical infrastructure.
“It’s the tip of the iceberg…it’s one of many such efforts by the Chinese,” he said on the sidelines of the security conference that has been dominated by questions over Ukraine and the death of Russian opposition leader Alexei Navalny. China, he had earlier told delegates, is increasingly inserting “offensive weapons within our critical infrastructure poised to attack whenever Beijing decides the time is right.”
The FBI chief declined to elaborate on what other critical infrastructure had been targeted, stressing that the Bureau had “a lot of work under way.”
Wray’s comments are the latest in a string of public warnings by senior Biden administration officials to animate their fears about China’s advanced and well-resourced hacking prowess. Western intelligence officials say its scale and sophistication has accelerated over the past decade. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, planting malware inside U.S. computer systems responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a conflict.
The director has been prodding foreign governments in Europe and Asia to increase resources on the threat of Chinese hacking campaigns, particularly protecting critical infrastructure. He described the response as gratifying and a step change from several years ago when some were still skeptical about the Chinese cyber threat.
In California, Wray met with counterparts from the Five Eyes intelligence community—which encompasses the U.S., Australia, New Zealand, Canada and the U.K.—to share respective strategies for cyber defense; he has also traveled to Malaysia and India to discuss China’s hacking campaign with authorities in both countries.
“I am seeing more from Europe,” he said. “We’re laser focused on this as a real threat and we’re working with a lot of partners to try to identify it, anticipate it and disrupt it.”
The Netherlands’ spy agencies said earlier this month that Chinese hackers had used malware to gain access to a Dutch military network last year. The agency, considered to have one of Europe’s top cyber capabilities, said it made the rare disclosure to show the scale of the threat and reduce the stigma of being targeted so allied governments can better pool knowledge.
Beijing routinely denies any accusations of cyberattacks and espionage linked to or backed by the Chinese state and has accused the U.S. of mounting its own cyberattacks. But evidence of a Chinese state-backed program has been building in recent years and the U.S. has charged a string of officers from the People’s Liberation Army cyber units with stealing secrets.
Wray said the U.S. is particularly focused on the threat of pre-positioning, which some European officials have described as the cyber equivalent of pointing a ballistic missile at critical infrastructure.
A report released this month by agencies including the FBI, the Cybersecurity and Infrastructure Agency and the National Security Agency said Volt Typhoon hackers had maintained access in some U.S. networks for five or more years, and while it targeted only U.S. infrastructure directly, the infiltration was likely to have affected “Five Eyes” allies.
The Justice Department and FBI took action in December after obtaining court approval to dismantle a botnet, or network of hacked devices, consisting of small office and home office, or SOHO, routers. Mostly from Cisco or Netgear, the routers were vulnerable because they had reached so-called end-of-life status, meaning they were no longer receiving routine security updates from the manufacturers.
Those attacks are now being amplified by artificial intelligence tools, Wray said.
“The word ‘force multiplier’ is not really enough,” he said.
Machine learning translation has helped Chinese security operatives to more plausibly recruit assets, steal secrets and rapidly process more of the information they are collecting, the director said.
“They already have built economic espionage and theft of personal and corporate data as a kind of a bedrock of their economic strategy and are eagerly pursuing AI advancements to try to accelerate that process,” he said.