US confronts China over Volt Typhoon cyber espionage

By Thomson Reuters May 8, 2024 | 4:18 PM

By Zeba Siddiqui

SAN FRANCISCO (Reuters) – U.S. officials confronted the Chinese government in Beijing last month about a sweeping cyber espionage campaign through which Chinese hackers have broken in to dozens of American critical infrastructure organizations, a senior U.S. cyber official said.

Under the campaign named Volt Typhoon, American officials say China aims to leverage the access it has gained into U.S. organizations in the event of a war or conflict – a nod to escalating U.S.-China tensions over Taiwan. The Chinese have previously dismissed such allegations as groundless.

“We have had direct conversations with the Chinese about it,” Nathaniel Fick, U.S. ambassador at large for cyberspace and digital policy, told Reuters in an interview at the RSA Conference in San Francisco on Tuesday.

“We raised it directly with the Chinese government at very senior levels, and made clear that this kind of behavior is dangerous, escalatory, and it’s not acceptable,” Fick said. He said he spoke to the Chinese officials with U.S. Secretary of State Antony Blinken, who was in China from April 24 to 26.

Asked how the Chinese responded, Fick said: “Same way they have to previous attributions … They have said before that it’s a ploy by various U.S. agencies to get more budget dollars.”

The Chinese embassy in Washington did not immediately respond to a request for comment on Wednesday.

The U.S. and several of its allies sounded the alarm on the campaign a year ago, warning that the Chinese could launch cyberattacks against oil and gas pipelines, rail systems and other critical industries.

It is unclear how many U.S. organizations have been compromised by the hackers, but “any number we give you is likely an underestimate,” said Brandon Wales, the executive director of the U.S. Cybersecurity and Infrastructure Security Agency, during a separate media briefing at the same conference.

“Chinese targeting of our critical infrastructure is broad-based,” he added.

“It is against a broad swath of small and medium-sized companies that are potentially critical in individual supply chains, or just capable of causing societal panic in some place around the country.”

(Reporting by Zeba Siddiqui in San Francisco; Editing by Matthew Lewis)