In 2024, China's cyber activities against the United States escalated from traditional espionage to potential preparations for disruptive attacks on critical infrastructure. Early in the year, the FBI and other federal agencies announced the disruption of a Chinese botnet of outdated routers that was aimed at infiltrating U.S. critical infrastructure. However, this botnet, associated with the group known as Volt Typhoon, resurfaced later and continued its malicious activities. Volt Typhoon was implicated in compromising the emergency services network of a major U.S. city and in conducting reconnaissance on multiple American electric companies since early 2023. These actions suggest a shift from mere intelligence gathering to positioning for potential disruptive operations. U.S. authorities issued public alerts indicating that Volt Typhoon's behavior was inconsistent with traditional cyber espionage, assessing with high confidence that the group was preparing to move laterally within IT networks to operational technology assets to disrupt functions.

Later in the year, another Chinese hacking unit, Salt Typhoon, was reported to have breached American telecommunications networks. A senior U.S. senator described this as the worst telecom hack in the nation's history. Despite efforts to mitigate these intrusions, officials acknowledged the ongoing nature of the threats, with uncertainties about the full extent of the adversaries' activities.

Security experts emphasized that these developments serve as a warning to all organizations involved in international business or critical infrastructure services. The increasing sophistication and persistence of Chinese cyber groups highlight the need for heightened vigilance and robust cybersecurity measures to protect against potential disruptive attacks.