Hackers backed by the Chinese government have intensified their attacks on US internet providers in recent months to spy on users, targeting two major US providers with millions of customers, according to a report by The Washington Post.
The attacks are believed to be focused mainly on gathering intelligence, using techniques linked to the Chinese-backed group Volt Typhoon. This group had previously attempted to gain access to equipment at Pacific ports to enable China to disrupt the US’s ability to move troops and supplies to Taiwan in the event of a conflict between China and Taiwan.
Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency (CISA), stated, “It is business as usual now for China, but that is dramatically stepped up from where it used to be. It is an order of magnitude worse.”
China has denied any connection to Volt Typhoon. In response to the recent allegations, a spokesperson for the Chinese embassy in Washington stated, “‘Volt Typhoon’ is actually a ransomware cybercriminal group who calls itself the ‘Dark Power’ and is not sponsored by any state or region.”
“There are signs that in order to receive more congressional budgets and government contracts, the U.S. intelligence community and cybersecurity companies have been secretly collaborating to piece together false evidence and spread disinformation about so-called Chinese government’s support for cyberattacks against the U.S.,” the spokesman added.
Researchers at Lumen Technologies claimed they identified three US internet service providers (ISPs) that were hacked over the summer. According to The Washington Post, Lumen reported finding malware within ISP routers that could intercept passwords for various groups and customers. Lumen also suggested that this malware was being used by Volt Typhoon.
