Of the cybersecurity dangers facing the United States today, few loom larger than the potential sabotage capabilities of China-backed hackers, which senior U.S. national security officials have described as an "epoch-defining threat."
The U.S. says Chinese government-backed hackers have been burrowing deep into the networks of U.S. critical infrastructure, including water, energy, and transportation providers, in some cases for years. The aim, officials say, is to lay the groundwork for potentially destructive cyberattacks in the event of a future conflict between China and the United States, such as over a possible Chinese invasion of Taiwan.
"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike," then-outgoing FBI Director Christopher Wray told lawmakers last year.
The U.S. government and its allies have since taken action against some of the "Typhoon" family of Chinese hacking groups, and published new details about the threats these groups pose.
In January 2024, the U.S. disrupted "Volt Typhoon," a group of Chinese government hackers tasked with setting the stage for destructive cyberattacks. Later, in September 2024, federal authorities took control of a botnet run by another Chinese hacking group known as "Flax Typhoon," which used a Beijing-based cybersecurity company to help conceal the activities of China's government hackers. Then, in January 2025, the U.S. government sanctioned that cybersecurity company for its alleged role in "multiple computer intrusion incidents against U.S. victims."
Since the emergence of Volt Typhoon, another China-backed hacking group known as "Salt Typhoon" has appeared in the networks of U.S. phone and internet giants, capable of gathering intelligence on Americans, and on potential targets of U.S. surveillance, by compromising the telecom systems used for law enforcement wiretaps.
Here's what we've learned about the Chinese hacking groups gearing up for war.
Volt Typhoon
Volt Typhoon represents a new breed of China-backed hacking group: not just aimed at stealing sensitive U.S. secrets, but rather preparing to disrupt the U.S. military's "ability to mobilize," according to the then-FBI director.
Microsoft first identified Volt Typhoon in May 2023, finding that the hackers had targeted and compromised network equipment, such as routers, firewalls, and VPNs, since at least mid-2021 as part of an ongoing and concerted effort to infiltrate deep into the systems of U.S. critical infrastructure. The U.S. intelligence community said that, in reality, the hackers had likely been operating for much longer, potentially for as long as five years.
Volt Typhoon compromised thousands of these internet-connected devices in the months following Microsoft's report, exploiting vulnerabilities in devices that were considered "end-of-life" and therefore would no longer receive security updates. The hacking group then gained further access to the IT environments of several critical infrastructure sectors, including aviation, water, energy, and transportation, pre-positioning to activate future disruptive cyberattacks aimed at slowing the U.S. government's response to an invasion of its key ally, Taiwan.
"This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down," said John Hultquist, chief analyst at security firm Mandiant.
The U.S. government said in January 2024 that it had successfully disrupted a botnet used by Volt Typhoon, consisting of hundreds of hijacked U.S.-based small office and home office routers, which the Chinese hacking group used to hide its malicious activity aimed at U.S. critical infrastructure. The FBI said it was able to remove the malware from the hijacked routers through a court-authorized operation, severing the hacking group's connection to the botnet.
By January 2025, the U.S. had discovered more than 100 intrusions across the country and its territories linked to Volt Typhoon, according to reporting by Bloomberg. Many of these attacks targeted Guam, a U.S. island territory in the Pacific and a strategic location for American military operations, the report said. Volt Typhoon allegedly targeted critical infrastructure on the island, including its main power authority, the island's largest mobile provider, and several U.S. federal networks, including sensitive defense systems, based on Guam. Bloomberg reported that Volt Typhoon used an entirely new kind of malware against networks in Guam that it had never deployed before, which researchers took as a sign of the high importance the region holds for the China-backed hackers.
Flax Typhoon
Flax Typhoon, first outed by Microsoft several months later in an August 2023 report, is another China-backed hacking group, which officials say has operated under the guise of a publicly traded cybersecurity company based in Beijing to carry out hacks against critical infrastructure in recent years. Microsoft said Flax Typhoon, also active since mid-2021, predominantly targeted dozens of "government agencies and education, critical manufacturing, and information technology organizations in Taiwan."
Then, in September 2024, the U.S. government said it had taken control of another botnet, made up of hundreds of thousands of hijacked internet-connected devices, which Flax Typhoon used to "conduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices." Prosecutors said the botnet allowed other China government-backed hackers to "hack into networks in the U.S. and around the world to steal information and hold our infrastructure at risk."
The Department of Justice later corroborated Microsoft's findings, adding that Flax Typhoon also "attacked multiple U.S. and foreign corporations."
U.S. officials said that the botnet used by Flax Typhoon was operated and controlled by the Beijing-based cybersecurity company Integrity Technology Group. In January 2025, the U.S. government imposed sanctions on Integrity Tech over its alleged links to Flax Typhoon.
Salt Typhoon
The latest, and potentially most ominous, group in China's government-backed cyber army uncovered in recent months is Salt Typhoon.
Salt Typhoon hit the headlines in October 2024 for a different kind of information-gathering operation. As first reported by The Wall Street Journal, the China-linked hacking group compromised several U.S. telecom and internet providers, including AT&T, Lumen (formerly CenturyLink), and Verizon. The Journal reported later, in January 2025, that Salt Typhoon had also breached the U.S.-based internet providers Charter Communications and Windstream. U.S. cyber official Anne Neuberger said the federal government had identified an unnamed ninth hacked telco.
According to one report, Salt Typhoon may have gained access to these telcos through compromised Cisco routers. Once inside the telcos' networks, the attackers were able to access customer call and text message metadata, including the date and time stamps of customer communications, source and destination IP addresses, and phone numbers, from over a million users, most of them individuals located in the Washington, D.C. area. In some cases the hackers were able to capture phone audio from senior Americans. Neuberger said that a "large number" of those whose data was accessed were "government targets of interest."
By hacking into the systems that law enforcement agencies use for court-authorized collection of customer data, Salt Typhoon also potentially gained access to the data and systems that house many of the U.S. government's data requests, including the potential identities of Chinese targets of U.S. surveillance.
It's not yet known when the breach of the wiretap systems occurred, but it may date back to early 2024, according to the Journal's reporting.
AT&T and Verizon told TechCrunch in December 2024 that their networks were secure after being targeted by the Salt Typhoon espionage group. Lumen confirmed soon after that its network was free of the hackers.
First published October 13, 2024 and updated.