
The Chinese Communist Party’s Threat to US Critical Infrastructure

Daniel dos Santos, Forescout Vedere Labs and Alison King, VP, Government Affairs | February 1, 2024

Against the backdrop of global tensions in Israel, Ukraine, and the South China Sea, US officials testified before Congress that they disrupted a serious Chinese cyberattack aimed at embedding malware within the nation’s critical infrastructure.

At the heart of this revelation is a botnet of hundreds of compromised small office/home office (SOHO) routers controlled by Chinese state-backed hackers. The botnet served as cover for a broader effort to plant malware in critical sectors, including water treatment facilities, the electrical grid, and transportation systems.

Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, emphasized the digital global interconnectedness that allows crises to ripple across the planet, potentially endangering American lives through the crippling of essential services.


The Scope of the Threat

This incident is not isolated but part of a pattern of aggressive cyber activity by state-backed Chinese hackers, including China's People's Liberation Army. While these actions are not designed to cause immediate harm, they are strategic: they lay the groundwork for a potential future conflict at a place and time of the Chinese Communist Party's (CCP) choosing.

The growing number of connected devices in critical infrastructure networks expands the attack surface available to the CCP and makes those networks harder to defend. This assessment is not just theoretical: Forescout's Vedere Labs research team has tracked 125 Chinese threat groups, a significant portion of which engage in information theft and espionage.

The CCP's exploitation of connected devices such as routers and IP cameras exposes a critical weakness across our digital infrastructure. Often overlooked in cybersecurity strategies and enterprise networks, these devices have become gateways for significant breaches. The use of SOHO routers and IP cameras in sophisticated cyberattacks shows the need for security measures that cover every part of the digital ecosystem, not only traditional IT endpoints.


A Call to Action

The exploitation of vulnerabilities in end-of-life routers underlines a glaring oversight in the defenses that protect critical infrastructure: once a vendor stops shipping patches, every vulnerability discovered afterward remains exploitable for as long as the device stays online. These end-of-life device vulnerabilities also ripple through critical infrastructure's operational technology (OT) environments, where hardware is typically kept in service far longer than in corporate IT.

The US must continue to ensure operational collaboration across government (federal, state, local, tribal, territorial) and private industry to address these risks. That means cyber requirements must be identified and funded every year, so that security controls are in place and continuity of operations is not interrupted.

More to the point, the government can’t do it alone; the private sector owns and operates 85% of our nation’s critical infrastructure. These entities across critical infrastructure must prioritize cybersecurity as an essential cost of doing business.

The perfect place to start is ensuring organizations have basic cybersecurity hygiene by maintaining visibility into their network devices (and their risk) and network traffic (and potential threats). Continuous monitoring solutions that empower SOC analysts to see all devices connected to their network (managed and unmanaged), control them, and secure them must be deployed.

The big thing to remember is that cyber risk is business risk. The private sector must contribute to the country's national security because, whether it acknowledges it or not, it is part of the "digital battlefield," and the US government cannot accomplish the mission of securing America alone.

Download Forescout 2023 Threat Roundup Report – 125 Chinese Threat Groups

