The Volt Typhoon hacks that targeted U.S. critical infrastructure won’t be the last of their kind, according to a Marine Corps cyber leader.

The Chinese intrusion affected organizations spanning the communications, utilities, education and government sectors including in Guam, a key foothold for American forces in the Indo-Pacific. The incident was disclosed in May 2023, with Microsoft describing the years-long operation as hard to detect and malicious.

The attack is likely to inspire copycats, said Maj. Gen. Lorna Mahlock, the commander of the Cyber National Mission Force. The CNMF, part of Cyber Command, deploys around the world to unearth malware and fortify digital defenses.

“I think we’re seeing Volt Typhoon activity continuing to persist. That’s in open source. We’re also seeing other actors using the tactics, techniques and procedures,” Mahlock said April 30 at the Modern Day Marine defense conference in Washington. “The greatest form of flattery is to copy.”

U.S. officials have long considered China a serious cyber hazard, with the International Institute for Strategic Studies think tank placing it in the second tier of its cyber powerhouse rankings alongside Russia. The Pentagon’s 2023 cyber strategy warned both Beijing and Moscow are prepared to unleash cyberattacks on critical infrastructure and defense networks should war break out.

The groundwork is being laid today. Volt Typhoon relied on so-called living-off-the-land techniques to lurk around vital systems and go largely unnoticed.

Attacks on critical infrastructure — food and water delivery, health care services, defense contracting and more — could jeopardize U.S. military response across the world as well as a sense of stateside calm. A ransomware attack on Colonial Pipeline in 2021 resulted in a run on fuel across the Southeast and aggravated concerns about energy security.

“Open-source reporting talks about this actor, out of China, who has access to our critical infrastructure and some of our key capabilities. Why? Not just for foreign intelligence-collection,” Mahlock said.

“We’ve seen this actor, China, grow in scope, scale and sophistication,” she added. “We’ve also seen that they’re undeterred.”

Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.

Share:
More In Cyber