UPDATED 18:13 EDT / DECEMBER 11 2023

SECURITY

Alleged Chinese cyberattacks target US power and water systems

U.S. government officials and cybersecurity experts are warning that the Chinese military is allegedly attempting to infiltrate critical infrastructure, including power and water utilities and transportation systems in the U.S.

The Washington Post reported, referencing unnamed officials and security experts, that hackers allegedly affiliated with China’s People’s Liberation Army have burrowed into the computer systems of about two dozen critical entities over the past year. The intrusions are said to be part of broader efforts to develop ways to sow panic, create chaos and snarl logistics in the event that war breaks out between the U.S. and China.

The report claims that victims allegedly targeted by Chinese hackers include a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline. The hackers are also said to have attempted to hack the operator of the Texas power grid. The alleged victims are not only within the U.S., with “several entities” outside the U.S. also claimed to have been targeted.

So far, at least, none of the intrusions was found to affect industrial control systems that operate critical functions. However, targeting a utility in Hawaii is notable because it’s the home of the U.S. Pacific Fleet. Taking out a utility in the event of war could disrupt efforts to deploy troops and equipment.

The report, while interesting in itself, is arguably an update to previous reports, particularly reports on the alleged China-based state-sponsored hacking group, Volt Typhoon, which it also mentions.

Microsoft Corp. researchers warned in May that Volt Typhoon, which has been active since mid-2021, was suspected of preparing to disrupt U.S.-Asia communication networks in potential crises. The sectors the group targets include communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.

Volt Typhoon campaigns emphasize stealth, using advanced techniques such as living-off-the-land binaries, or LOLBins, and hands-on-keyboard activity. The group’s tactics include gathering credentials, staging data for exfiltration, and maintaining persistence in compromised systems using valid credentials.

The National Security Agency also published a Joint Cybersecurity Advisory alongside authorities from Australia, Canada, New Zealand and the U.K. — the so-called Five Eyes countries — containing a guide to the tactics, techniques and procedures employed in the allegedly Chinese state-sponsored attacks.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis,” Brandon Wales, executive director of the Cybersecurity and Infrastructure Security Agency, told the Washington Post. “That is a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”
