The FBI disrupts China-based, state-backed hacking group


FBI chief Christopher Wray has told a US House subcommittee that his agency has disrupted a Chinese state-backed hacker group targeting US infrastructure.

The group’s strategy is simple:going by the name Volt Typhoon, the hackers infiltrate old software in small businesses, contractors, or local government networks and plant ‘sleeper’ malware. They then activate that malware at the opportune time to infect adjacent infrastructure networks. 

What kind of infrastructure? We’re talking everything from US naval bases to energy utilities and internet providers.

And why? Wray said the hackers are lying low “in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike [ie, to take Taiwan]”.

This is all commonly referred to as a ‘grey zone challenge’ – ie, playing in the space between war and peace, to do harm without crossing into armed conflict.

It can include sabotage, espionage, political influence, shadow wars, and using civilian functions (like the coast guard, customs, or courts) for strategic aims (like controlling a waterway, coercing a rival, or extracting a concession).

But the FBI’s announcement above is an example of how much tech is now radically expanding the grey zone into the cybersphere.

And of course, China isn’t the only player that dabbles in the cyber-grey:

  • The US has reportedly implanted 50,000 sleeper cells in routers around the world
  • The UK has accused Russia of carrying out a sustained ‘hack and release’ campaign to undermine social trust and cohesion
  • Microsoft also identified Iran last year as “a significant threat actor”, targeting mainly Israel, the US, Saudi Arabia, and the UAE
  • And Israel dishes it out too, infamously using a virus to destroy Iranian centrifuges (and a remote robot to assassinate a nuclear scientist)

But… why? As the above examples suggest, greyzone tactics in the cybersphere can have several objectives:

  1. Military advantage:China reportedly sought here to disrupt America’s state of readiness (to aid Taiwan), like Russia did to Ukraine
  2. Intel: Any information advantage can help shape and pre-empt adversaries’ decisions
  3. Testing: It’s a relatively cost-free way to test when and how states react, to better map their trigger points, redlines, and responses
  4. Weakening: Done ‘right’, you can diminish an enemy by halting their technological progress or fomenting confusion, mistrust, and conflict
  5. Cash: Some (like North Korea) just make hundreds of millions from cybercrime to bankroll government and elite spending (check out our ‘passport of the day’ below for one memorable example)

So, to close… cyber greyzone tactics are a bit like checking yourself out in a shopfront reflection: everyone does it, nobody admits it, it’s embarrassing if you get sprung, but there are few real consequences. At least, not yet.

INTRIGUE’S TAKE

The dark genius of the cyber greyzone tactic is just how hard it is for the target to calibrate a response. First, attribution is still tough, as hackers use all kinds of evolving techniques to mask their activity, identity, and location.

And second, even if you figure out who’s behind it, you then have to figure out how to respond. This presents a constant risk of under-reacting (emboldening the hackers) or over-reacting (triggering something worse).

You can see in the public domain how governments propose rules of the road, like ‘no hacking for commercial gain’, or ‘no attacking the health sector’, or ‘let’s all follow these UN norms for responsible behaviour’.

But really, it’s still the law of the jungle – or as international relations folks call it, reciprocity and deterrence. Don’t do unto me, or I’ll do unto you right back.

Latest Author Articles
Will Tulsi Gabbard be the next US spymaster?

Trump’s 2.0 cabinet picks were always going to be a source of intrigue, but none quite like Tulsi Gabbard, his nominee for Director of National Intelligence — it’s a job created after the September 2001 terrorist attacks to drive better intel oversight and coordination. Views on Gabbard range from American hero to Russian spy to […]

7 February, 2025
The kidnapping that’s rocked a region 

Imagine this: you’re slamming down that morning Pop-Tart® (frosted apple cinnamon, probably), when you get the call you’ve been waiting for — an opportunity to work on a dream project in Thailand. Your mind instantly runs wild with images of you absolutely chilling on a beach with a cocktail in hand (Sabai Sabai®, probably). Anyway, […]

5 February, 2025
Four global lessons from earnings week

Earnings calls used to be the exclusive domain of cigar-chomping capitalists, perhaps yelling “sell” at some quivering underling off-camera while an old-school ticker-tape hums. But we can confirm cigar-chomping diplomats also now follow this stuff — or should. If you’re willing to sift through the euphemisms and spin, these corporate events are full of insights into how […]

31 January, 2025
Something’s fishy under the Baltic Sea

We’ve long been debating when to brief you on the shenanigans under the Baltic Sea, but another single undersea cable getting severed is never quite enough to beat a dictator’s downfall, a new US president, or a Wall St meltdown. And that’s precisely the point of hybrid warfare: it’s about inflicting pain that’s never quite enough. Any damage to critical […]

29 January, 2025