“It’s a time bomb,” one parliamentarian summed up. The United States is trying to find malicious computer code that, according to Washington, China has placed at the heart of networks controlling critical infrastructure for the American army, the New York Times reported on Saturday, July 29. This computer breach, known since May, is deeper and more worrying than initially estimated, according to army and intelligence officials interviewed by the daily.
The United States fears that hackers linked to Beijing have installed a computer program intended to be activated in the event of an armed conflict, for example around Taiwan, according to the newspaper. Although the malicious code has not been detected in classified computer systems, according to the same source, Washington is concerned that, once activated, it will disrupt the electricity, drinking water and communication networks supplying US military bases, which could impede troop movements.
Sources cited by the New York Times also consider another theory: that the Chinese hope a disruption of American infrastructure would absorb the attention of citizens, leaving them too busy with this internal problem to pay attention to a conflict outside their borders.
The extent of the breach unknown
In late May, US and allied cybersecurity agencies accused a Chinese-sponsored “cyber actor” of infiltrating US “critical infrastructure” – allegations strongly denied by Beijing. Microsoft, for its part, had indicated that the group believed to be behind the intrusion, Volt Typhoon, had been active since mid-2021 and had targeted, among other things, essential infrastructure on the island of Guam. The island hosts a major US military base in the Pacific Ocean and would be the centerpiece of any military response to an invasion or blockade of Taiwan. But after more than a year of work, U.S. officials still don’t know the full extent of the breach, according to the New York Times.
They said, however, in interviews over the past two months that the Chinese effort goes far beyond telecommunications systems and that it predated the May report by at least a year. The administration is currently investigating whether the objective of the operation is primarily to disrupt the military or, more broadly, civilian life in the event of conflict.
“The Biden administration is working tirelessly to defend the United States from disruption to our critical infrastructure, including coordinating interagency efforts to protect water systems, pipelines, rail and air systems, among others,” insisted Adam R. Hodge, the acting spokesman of the National Security Council, whose remarks are reported by the New York Times. George Barnes, deputy director of the National Security Agency, said earlier in July that “China is unwavering and determined to penetrate our governments, our businesses, our critical infrastructure.”
“A report with serious shortcomings”
The email account of US Ambassador to China Nicholas Burns was hacked by Chinese hackers in early July, although the Chinese government has denied the incident was part of a large-scale attack. He is not the only one, however. The hackers also accessed the email of Commerce Secretary Gina Raimondo, and that of Assistant Secretary of State for East Asian and Pacific Affairs Daniel Kritenbrink, a month after his visit to China with Secretary of State Antony Blinken, reports the business magazine Forbes.
For its part, Beijing is defending itself. “This is a report that has serious flaws and is extremely unprofessional,” reacted Mao Ning, a spokeswoman for the Chinese Ministry of Foreign Affairs, in May. “It is clear that this is a collective disinformation campaign by the countries of the Five Eyes coalition, launched by the United States for geopolitical purposes,” she continued. The “Five Eyes” alliance is a collaborative intelligence network that includes Australia, the United States, Canada, the United Kingdom and New Zealand – countries that mostly have disputes with China, to varying degrees.
Western countries are increasingly worried about Beijing’s maneuvers in cyberspace. In mid-June, a subsidiary of Google reported that a group of cyberattackers, apparently linked to the Chinese state, was responsible for a vast computer espionage campaign targeting, in particular, government agencies of several countries of strategic interest to Beijing. The choice of targets was directly related to “high priority issues for China, especially in the Asia-Pacific region, including Taiwan”, noted Mandiant, Google’s cybersecurity specialist.