FBI Director Christopher Wray, in his opening statement (“Director Wray’s Opening Statement to the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party,” FBI), testified to the PRC’s pre-positioning of stealth implants in our critical infrastructure, with the intent to use them not only to disrupt U.S. foreign power but also to undermine the very fabric of the day-to-day life of American citizens.
The PRC has used and continues to use cyber tradecraft to advance its economic and regional position in the global economy. Chinese APT groups target every facet of the socio-political and economic pillars of the U.S. and its allies, from collecting data from TikTok to fuel their artificial intelligence development to stealing intellectual property to advance their strategy of China 2025.
Director Wray testified that the PRC hacking units outnumber the totality of the FBI cyber forces by 50 to 1. An organization this highly resourced, professionalized and determined is unlike anything most of U.S. private industry, let alone critical infrastructure, has ever faced. Its ability to investigate, discover, and weaponize zero days and other tradecraft cannot be underestimated or ignored.
PRC, Volt Typhoon and Living off the Land
The PRC’s latest campaign, Volt Typhoon, utilizes the nature of the internet as a hyperconnected system-of-systems to infiltrate critical infrastructure across the U.S. Hacking small office/home office (SOHO) routers deployed to people’s homes by internet providers allowed the PRC to effectively “ride” legitimate connections upstream into their targets. Once they achieved a foothold on the deployed routers, they used legitimate commands to evade detection by security products – aka “Living off the Land.”
Trust but Verify
Conclusion - Are you ready?
With the current direction of the PRC Communist Party, this situation will continue. Defending yourself is more than a cybersecurity or business decision: it is one of national security. Keeping your defensive readiness at its optimal state is key to limiting the PRC’s damage to U.S. economic and national security, as well as to ensuring that your business continues to compete in the national and global markets. How is your organization currently assessing and validating its cyber defense readiness against prioritized threats like this?