“The US intelligence community assesses that China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems,” State Department spokesperson Matthew Miller said in a press briefing.
“It’s vital for government and network defenders in the public to stay vigilant.”
US agencies have been pushing for improved cybersecurity practices in its majority-privately held critical infrastructure industry, after the 2021 hack of the key Colonial Pipeline disrupted nearly half of the US East Coast’s fuel supply.
Intelligence agencies in the United States, Britain and their close allies issued an alert on Wednesday to warn about Volt Typhoon. Microsoft said the group had targeted critical infrastructure organisations in the US Pacific territory of Guam, and it was using the security firm Fortinet’s FortiGuard devices to break into target’s networks.
Researcher Marc Burnard, whose organisation Secureworks has dealt with several intrusions tied to Volt Typhoon, said Secureworks had seen no evidence of destructive activity by Volt Typhoon, but that its hackers were focused on stealing information that would “shed light on US military activities”.
NSA’s Joyce said there was no doubt Volt Typhoon was putting itself in position to carry out disruptive attacks.
“It’s clear that some of the entities on here are of no intelligence value,” he told Reuters of the critical infrastructure sites identified by the government.
Chinese foreign ministry spokesperson Mao Ning told reporters that the alerts issued by the United States, Britain, Canada, Australia and New Zealand were intended to promote their intelligence alliance – known as the Five Eyes – and it was Washington that was guilty of hacking.
“The United States is the empire of hacking,” Mao said.