Meet the Chinese hackers 'Typhoon' who are preparing for war.
Among the cybersecurity risks that the United States currently faces, few are as concerning as the possibility of sabotage by hackers backed by China.
The threat from China-backed hackers has become one of the most serious risks in the field of cybersecurity facing the United States. High-ranking officials in the country have described this phenomenon as a "defining threat of the era." In recent months, intelligence reports have indicated that these government-backed hackers have been infiltrating the networks of critical infrastructure in the United States, including the water, energy, and transportation sectors. The goal, according to authorities, would be to lay the groundwork for devastating cyberattacks in the event of a future conflict between the United States and China, such as a potential invasion of Taiwan by Beijing.
Christopher Wray, the FBI director, warned that these hackers are positioning themselves in U.S. infrastructures to cause havoc and impact local communities when the Chinese government decides to act. In response, the U.S. government and its allies have begun taking action against hacker groups like the "Typhoon" family, publishing additional information about the threats they pose.
In January, authorities disrupted the operations of a group known as "Volt Typhoon," which had been tasked with laying the groundwork for destructive cyberattacks. In September, the FBI also took control of a botnet operated by another group called "Flax Typhoon," which posed as a private company in Beijing and helped conceal the activities of government-backed hackers. Subsequently, a new group called "Salt Typhoon" emerged, capable of gathering information on Americans and potential surveillance targets in the U.S. by compromising interception systems from telecommunication and internet providers.
Volt Typhoon represents a shift in the strategy of Chinese hackers, who are no longer limited to simply stealing secrets but are preparing to disrupt the military capabilities of the United States. Microsoft identified this group in May 2023, revealing that it had attacked and compromised network equipment since mid-2021. It is estimated that the hackers could have been active for an even longer period, affecting thousands of internet-connected devices in their attempt to infiltrate critical sectors such as aviation, water, energy, and transportation. This could facilitate future disruptive cyberattacks.
Flax Typhoon, for its part, was exposed in an August 2023 report, operating under the guise of a public cybersecurity company in Beijing. In September, U.S. authorities intervened against a botnet controlled by this group, which used a customized variant of malware. This botnet had been utilized to carry out malicious cyber activities disguised as regular internet traffic.
Finally, Salt Typhoon has been the most recent and concerning group discovered. They have been linked to penetrating the interception systems of various U.S. telecommunications and internet providers. They reportedly gained access through compromised routers, and the government is still in the early stages of investigating this breach, which could have catastrophic consequences by exposing critical data and potentially identifying U.S. surveillance targets.