Potential Chinese hackers poised for assault on crucial American infrastructure, asserts FBI director

State-sponsored hackers are reportedly positioning themselves for substantial, disruptive assaults, allegedly intended to divert attention from potential military operations. Top cybersecurity authorities, including Christopher Wray, have issued warnings.

Chinese hackers affiliated with the government, according to the FBI director, are prepared to launch cyberattacks on crucial American infrastructure.

In a recent hearing before the House Select Committee on the Chinese Communist Party, FBI Director Christopher Wray warned of the increasing threat posed by state-linked hackers from the People's Republic of China to U.S. critical infrastructure.

According to the Cybersecurity and Infrastructure Security Agency (CISA), these hackers have been evolving their threat activity, potentially aiming to create societal panic and chaos. CISA has discovered and eliminated China-linked intrusions in multiple sectors, including telecommunications, energy, aviation, and water infrastructure.

One of the concerns is the long-term strategic access these hackers are seeking. They have infiltrated systems across federal agencies, water utilities, power grids, telecommunications, and military networks, with campaigns like Volt Typhoon and Salt Typhoon revealing attempts to maintain covert access that could enable disruptive or destructive attacks in the future.

These hackers are not just conducting classical espionage but are deliberately establishing backdoors and persistent access that can be exploited later. They have been stealing machine keys and breaching U.S. Army National Guard networks, exposing administrator credentials, network layouts, and personally identifiable information of personnel.

Although the intentions behind these breaches remain partially unclear, U.S. federal agencies believe these actions serve as prepositioning to allow disruption in case of geopolitical escalation, especially around Taiwan. The scale of attacks is growing—Chinese-linked cyberattacks doubled from 2023 to 2024 and kept increasing into 2025, doubling previous years’ counts and targeting technology providers serving many government customers.

The U.S. government is actively trying to analyze and mitigate these threats, further underscored by legislative efforts such as the Strengthening Cyber Resilience Against State-Sponsored Threats Act. However, this act focuses primarily on Chinese threats without fully addressing others.

Experts warn that these hacker groups pose a clear and present danger to critical infrastructure operations, national security, and public safety. The FBI and Department of Justice have disrupted a botnet linked to the Volt Typhoon threat campaign, but the threat from China has been growing for years and is increasingly outpacing the ability of cybersecurity experts to keep up with all the activity.

Officials have used the testimony as a call to action, urging companies that have been compromised to immediately share that information with CISA or local FBI offices for intelligence-sharing purposes. The evolving role of CISOs involves better understanding the risk calculus of technology stacks to answer the question of whether the organization is a potential target.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, has said that China-linked hackers have been burrowing deep into U.S. critical infrastructure for years. The targeted critical infrastructure includes water treatment plants, oil and natural gas pipelines, transportation systems, and the electric grid. The attacks by state-linked hackers, as warned by officials, could cause mass disruption and panic across the U.S.

Easterly has provided an example of the potential panic caused by a cyberattack, citing the Colonial Pipeline ransomware attack in 2021. The disrupted botnet consisted of hundreds of small office/home office routers in the U.S. infected with KV Botnet malware, with the aim of targeting critical infrastructure providers through the compromised hosts.

Sandra Joyce, VP of Mandiant Intelligence at Google Cloud, has stated that Volt Typhoon works hard to reduce the signatures used to hunt them across networks. Volt Typhoon is a threat actor that focuses on targeting U.S. critical infrastructure while staying below the radar and changing their activity to avoid detection.

Easterly has criticized the technology industry for continually building products with security flaws, making critical infrastructure providers more susceptible to malicious hacking. Corporate stakeholders are seeking to better understand the risk calculus of their technology stacks, with the question being: Are we a target?

In summary, Chinese state-linked hackers currently maintain a strategic position of concern regarding U.S. critical infrastructure by quietly embedding themselves in key systems with the potential to disrupt or disable vital services if geopolitical tensions escalate. The U.S. is responding with intensified cybersecurity measures, persistent threat assessment, and legislative efforts to improve resilience.

  1. The increasing threat posed by state-linked hackers from the People's Republic of China to U.S. critical infrastructure has been highlighted by FBI Director Christopher Wray, potentially involving cyberattacks using ransomware and malware.
  2. The Cybersecurity and Infrastructure Security Agency (CISA) has reported that these hackers are evolving their threat activity, aiming for long-term strategic access and seeking to create societal panic and chaos in various sectors like telecommunications, energy, aviation, and water infrastructure.
  3. Experts warn that these hacker groups pose a clear and present danger to national security, public safety, and general news, with their attacks growing in scale over time, significantly outpacing the ability of cybersecurity experts to keep up with the activity.
  4. The evolving role of Chief Information Security Officers (CISOs) is to better understand the risk calculus of technology stacks, helping organizations determine whether they are potential targets for such cyber threats, especially those related to war-and-conflicts and politics.
