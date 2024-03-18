



FORT MEADE, MARYLAND - The U.S. government has yet to realize the extent of a massive Chinese espionage campaign targeting U.S. critical infrastructure, according to a senior National Security Agency official.

Federal agencies are not done with their efforts to uncover or eradicate threats created by the Chinese hacking group known as Volt Typhoon, said Rob Joyce, the outgoing director of the NSA's cybersecurity directorate, during a roundtable with journalists on Friday.

Investigators continue to find victims and work to root out intrusions linked to the sweep, which Western countries first revealed almost a year ago, he said.

Joyce also acknowledged for the first time that the government had used artificial intelligence to uncover some of the violations committed during the campaign, noting that Volt Typhoon's activity was difficult to identify initially because the group was stealing or generating legitimate credentials and did not introduce additional malware into a system.

Conversely, Joyce said he hasn't seen any examples of them using AI to date. Instead, the prolific state-sponsored enterprise relies on massive vulnerability scans to detect and exploit known weaknesses.

Joyce declined to comment on the scale of the operation the federal government has uncovered so far.

The new information comes weeks after some of the nation's top cybersecurity officials issued stark warnings about the ability of Volt Typhoon and other Chinese hackers to compromise U.S. networks in the event of a conflict with Beijing.

“Unfortunately, the technology that underlies our critical infrastructure is inherently insecure because software developers have not been held accountable for decades for faulty technologies,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), told the House Select Committee on China.

“This has led to incentives where functionality and speed to market have been prioritized over security, leaving our country vulnerable to cyber invasion,” she said at the hearing on January 31.

The same day, the Justice Department announced that it had disrupted an attempt by Volt Typhoon to infiltrate hundreds of unsecured U.S. home routers and gain access to critical infrastructure.

The United States and its allies revealed the group's actions last May when Microsoft analysts discovered it had targeted systems ranging from U.S. telecommunications networks and transportation hubs to the military installation on the island territory of Guam.

Since then, the Biden administration has released more than six digital security advisories warning of Volt Typhoon's tactics and techniques.

From the start, it was a broad campaign, said Joyce, who noted that targets included airlines as well as energy and pipeline organizations.

The intention actually amounts to inspiring societal panic, he said.

This in turn would force the United States to turn inward and prevent the nation from being able to mobilize and support a conflict in the South Pacific, he told reporters, adding that “our view of this activity changed as we expanded our knowledge about it.”

That said, officials believe it would be a pretty high bar for Beijing to enable prepositioning of groups in Western networks, according to Joyce.

He told reporters he hoped Chinese authorities would be thoughtful following national anger over the discovery of Beijing's high-altitude balloon campaign last year.

China's military severely underestimated the country's response to the event, anger that would only grow if state-backed hackers attacked water and transportation systems, he predicted.

Joyce, who was the NSA's original choice to be its latest No. 2, will retire at the end of the month.

He will be replaced by Dave Luber, who has held various positions within U.S. Cyber Command and served as deputy chief of the Cybersecurity Directorate for nearly four years.

