Summary
Chinese hackers are increasingly targeting sensitive U.S. systems, including federal agencies and infrastructure, by gaining long-term access. They aim to maintain this access for potential disruptive activities. Several China-based hacker groups have been linked to numerous cyberattacks over recent years, growing more sophisticated in their methods.
Key Facts
- Chinese hackers aim to maintain long-term access to U.S. systems, targeting areas like federal agencies and water utilities.
- At least three China-based hacking groups exploited SharePoint server weaknesses, compromising more than 400 systems.
- Hackers stole machine keys, allowing them to regain access even after systems are patched unless manual action is taken.
- More than 330 cyberattacks linked to China were reported last year, according to CrowdStrike.
- The Volt Typhoon group targets U.S. infrastructure like pipelines and railways to prepare for potential disruptive actions.
- Silk Typhoon has been linked to the targeting of the U.S. Treasury Department using zero-day vulnerabilities.
- China is using private contractors to enhance capabilities and obscure state involvement.
- The U.S. Cybersecurity and Infrastructure Security Agency has reduced its workforce, affecting cyber defense capabilities.