Top US cyber agency hasn’t seen infamous Chinese hackers breach election infrastructure

Director of the Cybersecurity and Infrastructure Security Agency Jen Easterly delivers a speech during the Kyiv International Cyber Resilience Forum 2024. She told audiences at the Black Hat conference Aug. 7 that her agency had not seen evidence of the Volt Typhoon hacking collective being able to access voting infrastructure. Vladimir Shtanko/Anadolu via Getty Images

A pervasive hacking collective being tracked by U.S. intelligence agencies hasn’t been seen breaking into any election infrastructure, but visibility into the group’s activities remains limited, according to CISA Director Jen Easterly.

LAS VEGAS — A hacking group tied to China’s central government that’s become infamous for burrowing into American critical infrastructure hasn’t been found infiltrating election systems, a top U.S. cyber official said Wednesday.

The entity, dubbed Volt Typhoon by intelligence and national security officials, has shown no indications of being able to access core election infrastructure deemed essential for voting, said Jen Easterly, who leads the Cybersecurity and Infrastructure Security Agency in DHS.

“Not that we have seen,” Easterly said on a panel at the Black Hat cybersecurity conference in Las Vegas when asked about Volt Typhoon’s activity targeting election fabric like voter registration databases and voting machines. But any area where it’s been detected is only “the tip of the iceberg,” she added.

“There’s so much that we don’t know, and this is a sophisticated actor. And so we have to assume they will be able to do things, and that’s why we need to prepare for it now,” she said, noting that the group has been found digitally spelunking into power, transportation, water and other sectors deemed critical to the functioning of the U.S. economy.

Volt Typhoon covertly relies on multiple networks of compromised equipment, including cameras and routers, which together form a data transfer network the group uses to stage its infiltrations, officials said in May.

Its operations were slowed down earlier this year after an FBI-led operation sent U.S. cyber warriors into one of the hackers’ staging grounds, known as a botnet, and jettisoned them. But it was just one of several digital footholds.

There’s “much we are not seeing” and U.S. companies need to build as much resilience into their networks as possible, Easterly later said in an on-site news conference with reporters.

Volt Typhoon first sounded alarms in 2021 when analysts spotted the group burrowing into infrastructure environments that had no immediate intelligence value, a departure from past Chinese cyberespionage.

The hackers have been using “living off the land” techniques that allow them to hide inside systems and bypass detection, U.S. reports say, noting that they have breached American facilities in Guam and other vital U.S. infrastructure both inside and outside the country. Their tradecraft is difficult to uncover because the group relies on stolen administrator credentials, which let it more easily mask its activity as legitimate use.