China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns

Hacks likened to “placing bombs in water treatment facilities, and power plants.”

Graham Cluley

Got two-and-a-half hours to spare?

Maybe instead of settling down to watch “Mission: Impossible – Dead Reckoning Part One”, you could check out this video where FBI director Christopher Wray warned the US Congress earlier this week of the risks posed by Chinese state-sponsored hackers.

The CCP Cyber Threat to the American Homeland and National Security

As Wray described to the House select committee on the Chinese Communist party, a botnet operated by the Volt Typhoon hacking group has been disrupted by law enforcement agencies.

The “vast majority” of affected routers are out-of-date Netgear and Cisco devices that are deemed to have reached their “end of life” and are no longer receiving security updates.

The routers were vulnerable to being recruited into Volt Typhoon’s so-called KV botnet if left unpatched. However, a court-approved US operation has deleted the malware from affected routers and taken steps to prevent reinfection.

According to the FBI’s Wray, Volt Typhoon is compromising small business and home office routers to hide the origin of future Chinese-backed cyber attacks.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict. Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”

Committee chairman Mike Gallagher said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants.”

Although it’s a headline-grabbing thing to say, there is some truth in it. We have seen cyber attacks by nation-states against water facilities and electricity grids in the past. If successful, such attacks could have a significant impact.

Russia, for instance, managed to cut off internet access for tens of millions of Ukrainians, and in a separate cyber attack disrupted the power grid in the war-torn country.

“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” continued Gallagher. “The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”

Another speaker at the hearing was Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly:

“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and to deter our ability [to marshal a sufficient response].”

Hmm... maybe snacking on popcorn while Tom Cruise prats around on a motorbike makes for a less troubling watch after all.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “China is hacking Wi-Fi routers for attack on US electrical grid and water supplies, FBI warns”

  1. Chris Pugson

    It's madness to connect utilities installations to the Internet. What idiots run these businesses?

    Perhaps they are controlled by the kind of idiots that ran, and still run, the Post Office. Managers are deluded that they are I.T. experts.
