Chinese hackers have at times secretly hidden in U.S. infrastructure for up to five years, ready to conduct a potentially destructive cyberattack if the two countries were to go to war, federal agencies said Wednesday.
The claim was published in a public cybersecurity warning, one of the largest and starkest of its kind, from six U.S. agencies, as well as allied cybersecurity and intelligence agencies from Australia, Canada, New Zealand and the U.K.
Over the past year, U.S. officials have repeatedly issued warnings that hackers working for China’s intelligence services keep gaining stealthy access to U.S. infrastructure. They feared such access could turn into a destructive cyberattack in the event of a major conflict, like China invading Taiwan, as the U.S. has said it would come to Taiwan’s aid.
The report doesn’t name any specific victims, but said the “PRC state-sponsored” hackers have targeted key infrastructure, “primarily in Communications, Energy, Transportation Systems, and Waste and Wastewater Systems Sectors — in the continental and non-continental United States and its territories.”
One characteristic of the campaign is how stealthy the hackers’ tactics are, making it difficult for owners of infrastructure companies to know they’ve been hacked. The report is the first public indication that China’s hackers have been working at the project for so long, or that they’ve gained access for so many years without being noticed.
While the U.S. generally does not condemn other nations for using their intelligence services to conduct cyberespionage — and does not deny engaging in that practice — the report says that this campaign appears to be hackers positioning themselves purely to have the potential capability to wreak havoc across the country.
The hackers’ “choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations,” the report says. “The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”
China consistently denies most hacking allegations from Western governments and private cybersecurity companies. In an emailed statement about Wednesday’s report, the spokesperson for China’s embassy in Washington, Liu Pengyu, said that “China does not encourage, support or condone attacks launched by hackers.”
Last week, FBI Director Christopher Wray said that the same hacking campaign showed how “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”