Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which senior U.S. national security officials have described as an “epoch-defining threat.”

The U.S. says Chinese government-backed hackers have — in some cases for years — been burrowing deep into the networks of U.S. critical infrastructure, including water, energy, and transportation providers. The goal, officials say, is to lay the groundwork for potentially destructive cyberattacks in the event of a future conflict between China and the United States, such as over a potential Chinese invasion of Taiwan.

“China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” then-outgoing FBI Director Christopher Wray told lawmakers last year.

The U.S. government and its allies have since taken action against some of the “Typhoon” family of Chinese hacking groups, and revealed new details about the threats posed by these groups.

In January 2024, the U.S. disrupted “Volt Typhoon,” a group of Chinese government hackers tasked with setting the stage for destructive cyberattacks. Later, in September 2024, federal authorities took control of a botnet run by another Chinese hacking group called “Flax Typhoon,” which used a Beijing-based cybersecurity company to help conceal the activity of China’s government hackers. Then in December, the U.S. government sanctioned the cybersecurity company for its alleged role in “multiple computer intrusion incidents against U.S. victims.”

Since then, another new China-backed hacking group called “Salt Typhoon” appeared in the networks of U.S. phone and internet giants, capable of gathering intelligence on Americans — and potential targets of U.S. surveillance — by compromising telecom systems used for law enforcement wiretaps.

And a Chinese threat actor called Silk Typhoon (previously known as Hafnium), a hacking group that has been active since at least 2021, returned in December 2024 with a new campaign targeting the U.S. Treasury.

Here’s what we have learned about the Chinese hacking groups gearing up for war.

Volt Typhoon

Volt Typhoon represents a new breed of China-backed hacking group: no longer just aimed at stealing sensitive U.S. secrets, but rather preparing to disrupt the U.S. military’s “ability to mobilize,” according to the then-FBI director.

Microsoft first identified Volt Typhoon in May 2023, finding that the hackers had targeted and compromised network equipment, such as routers, firewalls, and VPNs, since at least mid-2021 as part of an ongoing and concerted effort to infiltrate deeper into the systems of U.S. critical infrastructure. The U.S. intelligence community said that in reality, it’s likely the hackers were operating for much longer, potentially for as long as five years.

Volt Typhoon compromised thousands of these internet-connected devices in the months following Microsoft’s report, exploiting vulnerabilities in devices that were considered “end-of-life” and therefore would no longer receive security updates. The hacking group later gained further access to the IT environments of multiple critical infrastructure sectors, including aviation, water, energy, and transportation, pre-positioning to activate future disruptive cyberattacks aimed at slowing the U.S. government’s response to an invasion of its key ally, Taiwan.

“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” said John Hultquist, chief analyst at security firm Mandiant.

The U.S. government said in January 2024 that it had successfully disrupted a botnet, used by Volt Typhoon, consisting of thousands of hijacked U.S.-based small office and home network routers, which the Chinese hacking group used to hide its malicious activity aimed at targeting U.S. critical infrastructure. The FBI said it was able to remove the malware from the hijacked routers by way of a court-approved operation, severing the Chinese hacking group’s connection to the botnet.

By January 2025, the U.S. had discovered more than 100 intrusions across the country and its territories linked to Volt Typhoon, according to reporting by Bloomberg. A large number of these attacks have targeted Guam, a U.S. island territory in the Pacific and a strategic location for American military operations, the report said. Volt Typhoon allegedly targeted critical infrastructure on the island, including its main power authority, the island’s largest cell provider, and several U.S. federal networks, including sensitive defense systems, based on Guam. Bloomberg reported that Volt Typhoon used an entirely new form of malware to target networks in Guam that it hadn’t ever deployed before, which researchers took as a sign of the high importance that the region has to the China-backed hackers.

Flax Typhoon

Flax Typhoon, first identified by Microsoft several months later in an August 2023 report, is another China-backed hacking group, which officials say has operated under the guise of a publicly traded cybersecurity company based in Beijing to carry out hacks against critical infrastructure in recent years. Microsoft said Flax Typhoon — also active since mid-2021 — predominantly targeted dozens of “government agencies and education, critical manufacturing, and information technology organizations in Taiwan.”

Then in September 2023, the U.S. government said it had taken control of another botnet, which was made up of hundreds of thousands of hijacked internet-connected devices, and used by Flax Typhoon to “conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices.” Prosecutors said the botnet allowed other China government-backed hackers to “hack into networks in the U.S. and around the world to steal information and hold our infrastructure at risk.”

The Department of Justice later corroborated Microsoft’s findings, adding that Flax Typhoon also “attacked multiple U.S. and foreign corporations.”

U.S. officials said that the botnet used by Flax Typhoon was operated and controlled by the Beijing-based cybersecurity company, Integrity Technology Group. In January 2024, the U.S. government imposed sanctions on Integrity Tech over its alleged links to Flax Typhoon.

Salt Typhoon

The latest — and potentially most ominous — group in China’s government-backed cyber army uncovered in recent months is Salt Typhoon.

Salt Typhoon hit headlines in October 2024 for a different kind of information-gathering operation. As first reported by The Wall Street Journal, the China-linked hacking group compromised several U.S. telecommunications and internet providers, including AT&T, Lumen (formerly CenturyLink), and Verizon. The Journal reported later in January 2025 that Salt Typhoon also breached the U.S.-based internet providers Charter Communications and Windstream. U.S. cyber official Anne Neuberger said the federal government had identified an unnamed ninth hacked phone company.

According to one report, Salt Typhoon may have gained access to these telcos using compromised Cisco routers. Once inside the telco’s network, the attackers were able to access customer call and text message metadata, including dates and timestamps of customer communications, source and destination IP addresses, and phone numbers from over a million users, most of whom were individuals located in the Washington D.C. area. In some cases the hackers were capable of capturing phone audio from senior Americans. Neuberger said that a “large number” of those who had data accessed were “government targets of interest.”

By hacking into systems that law enforcement agencies use for court-authorized collection of customer data, Salt Typhoon also potentially gained access to data and systems that house much of the U.S. government’s data requests, including the possible identities of Chinese targets of U.S. surveillance.

It’s not yet known when the breach of the wiretap systems occurred, but it may date back to early 2024, according to the Journal’s reporting.

AT&T and Verizon told TechCrunch in December 2024 that their networks were secure after being targeted by the Salt Typhoon espionage group. Lumen confirmed soon after that its network was free from the hackers.

Silk Typhoon

The China-backed hacking group previously known as Hafnium quietly appeared again as the newly named Silk Typhoon after being linked to a December 2024 hack at the U.S. Treasury.

In a letter to lawmakers seen by TechCrunch, the U.S. Treasury said in late December 2024 that the China-backed hackers used a key stolen from BeyondTrust — a company that provides identity access tech to large organizations and government departments — to gain remote access to certain Treasury employee workstations, where they found internal documents on the department’s unclassified network.

Silk Typhoon is not a new threat group, previously making headlines in 2021 as Hafnium — as it was then known — for exploiting vulnerabilities in self-hosted Microsoft Exchange email servers that compromised more than 60,000 organizations.

According to Microsoft, which tracks the government-backed hacking group, Silk Typhoon typically focuses on reconnaissance and data theft and is known for targeting healthcare systems, law firms, and nongovernmental organizations in Australia, Japan, Vietnam, and the United States.

First published October 13, 2024, and updated.