US claims China-backed hackers targeted critical infrastructure

1 Feb 2024


Tensions between the two countries appear to be growing, as the US claims hackers sponsored by China’s government took control of hundreds of US routers to conceal their activities.

US officials claim they disrupted an operation by Chinese state-sponsored hackers that was targeting critical infrastructure organisations.

The US statement – issued by the attorney’s office of the southern district of Texas – claims these hackers had taken control of hundreds of US-based small office and home office routers.

The authorities claim these hackers were part of a group known as Volt Typhoon, which infected these privately owned routers with malware to conceal their hacking activities.

The US operation removed the malware from the hacked routers and took steps to prevent any reinfection. FBI deputy director Paul Abbate said the organisation and its partners stand against “People’s Republic of China cyberactors that threaten our nation’s cybersecurity”.

“We remain committed to thwarting malicious activities of this type and will continue to disrupt and dismantle cyberthreats, safeguarding the fabric of our cyberinfrastructure,” Abbate said.

The vast majority of the compromised devices were Cisco and NetGear routers that were vulnerable because they had reached “end of life” status and were no longer supported for security patches or other software updates.
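The practical defensive lesson in that paragraph is that a router past its vendor's end-of-life date will never receive a fix, so the only remediation is replacement. The script below is an added example, not code from the article or from any agency named in it: it walks a small, constructed asset inventory and sorts each router into "end-of-life", "supported-but-stale", "supported" or "unknown-support-status". The vendor names are generic, and the model strings and end-of-support dates are invented placeholders; a real inventory would take those dates from the vendor's published lifecycle notices.

```python
"""Triage SOHO routers by support status (added example; inventory data is constructed)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Device:
    hostname: str
    vendor: str
    model: str
    last_patch: Optional[date]  # None means no firmware update was ever recorded


# Constructed end-of-support dates keyed by (vendor, model). These are
# placeholders for illustration, not real vendor lifecycle data.
END_OF_SUPPORT: Dict[tuple, date] = {
    ("cisco", "example-model-a"): date(2021, 6, 30),
    ("netgear", "example-model-b"): date(2022, 12, 31),
    ("cisco", "example-model-c"): date(2030, 1, 1),
}

STALE_DAYS = 365  # a supported device unpatched for longer than this is flagged


def classify(device: Device, today: date) -> str:
    """Return a support-status label for one device as of `today`."""
    key = (device.vendor.lower(), device.model.lower())
    eos = END_OF_SUPPORT.get(key)
    if eos is None:
        # Not in the lifecycle table: treat as a gap in the inventory to close.
        return "unknown-support-status"
    if eos <= today:
        # No further patches will ever ship; replacement is the only fix.
        return "end-of-life"
    if device.last_patch is None or (today - device.last_patch).days > STALE_DAYS:
        return "supported-but-stale"
    return "supported"


def triage(devices: List[Device], today: date) -> Dict[str, List[str]]:
    """Group hostnames by status so each bucket maps to one action."""
    buckets: Dict[str, List[str]] = {
        "end-of-life": [],
        "supported-but-stale": [],
        "supported": [],
        "unknown-support-status": [],
    }
    for device in devices:
        buckets[classify(device, today)].append(device.hostname)
    return buckets


# Constructed sample inventory for a stand-alone run.
SAMPLE_INVENTORY = [
    Device("branch-rtr-01", "Cisco", "example-model-a", date(2020, 3, 1)),
    Device("home-rtr-02", "Netgear", "example-model-b", None),
    Device("branch-rtr-03", "Cisco", "example-model-c", date(2023, 11, 15)),
    Device("branch-rtr-04", "Cisco", "example-model-c", date(2022, 1, 10)),
    Device("lab-rtr-05", "OtherVendor", "example-model-z", None),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY, date(2024, 2, 1)).items():
        print(f"{status:24s} {', '.join(hosts) or '-'}")
```

Devices in the "end-of-life" bucket go on a replacement list rather than a patch list; "unknown-support-status" entries are just as important, because a router whose lifecycle nobody tracks is the one most likely to be quietly running unsupported firmware.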

The US statement claims this hacking campaign is linked to an advisory warning issued by multiple cybersecurity authorities last year, which claimed that hackers sponsored by China’s government were “living off the land” in the US to evade detection.

“Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the advisory stated last year.

Cybersecurity tensions between the US and China rose significantly last year, after it was suggested that China-based hackers managed to gain access to data from multiple US government agencies – including the emails of the US ambassador to China.

The breach was linked with a wave of attacks that Microsoft attributed to China. The tech giant claimed a hacking operation managed to access the emails of 25 organisations on 15 May 2023 with “forged authentication tokens”. Microsoft didn’t investigate the issue until roughly one month later.

After that revelation, there were reports that hundreds of thousands of US government emails may have been compromised by the hacking campaign. A US Senate staffer told Reuters last September that 60,000 emails from 10 US State Department accounts were stolen by Chinese hackers.


Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com