US authorities have used a court order to address vulnerabilities in thousands of internet-connected devices that were being exploited by a Chinese hacking group targeting US critical infrastructure. The group, known as APT40, has been spying on and compromising the US maritime, transportation, communications, utility and government sectors since 2021, according to US officials and a source familiar with the matter.
The court order, obtained by the FBI and the Justice Department, allows them to update the vulnerable software on devices the hackers have infected. The devices are part of a network of industrial control systems that manage and monitor the operations of various critical infrastructure facilities. The hackers have been using the devices as a gateway to access and disrupt the facilities' sensitive data and functions, and potentially to cripple them in the event of a US-China conflict.
The court order is part of a broader, government-wide effort to counter and deter the Chinese hacking campaign, which poses a significant threat to US national security and economic security. US authorities have been working closely with the private sector, especially internet and cloud computing providers, to track and block the hackers' activity and to alert and assist affected organizations. They have also been coordinating with allies and partners, such as the UK, Australia and Japan, to share information and expertise and to impose sanctions and penalties on the hackers and their sponsors.
A brazen and persistent threat
The Chinese hacking group APT40 is believed to be sponsored and directed by the Chinese government and to be part of its Military-Civil Fusion strategy, which seeks to gain a strategic advantage over the US by acquiring advanced technologies and expertise. The group has been targeting US critical infrastructure organizations connected to US military and defense capabilities, especially in the Pacific region, where the US and China have been competing and clashing over issues such as Taiwan, Hong Kong and the South China Sea.
The group has used sophisticated and stealthy techniques to infiltrate and manipulate the devices, such as exploiting software vulnerabilities, sending phishing emails, and creating fake websites and domains. It has also used encryption and proxy servers to hide and protect its communications and operations. The group evaded detection and removal by US authorities and the targeted organizations for a long time, and in that time was able to maintain and expand its foothold and influence in US critical infrastructure networks.
A call for vigilance and cooperation
US authorities have warned that the Chinese hacking campaign is still ongoing and active, and that the court order is not a permanent solution but a temporary and partial measure to mitigate the impact and damage of the campaign. They have urged organizations and the public to be vigilant and cautious, and to follow best practices and guidelines to protect and secure their devices and networks. They have also called for more cooperation and collaboration among countries and the international community, and for more action and pressure on the Chinese government, to stop and prevent the malicious and unacceptable behavior of the Chinese hackers.