US Military Faces Dual Cyber Threats: Chinese 'Volt Typhoon' Campaign and Internal Breach
Foreign Campaigns; Air Force Communications Compromised

Overt Operator
August 01, 2023
The US military is contending with two significant cyber threats at once: an extensive and still-unresolved Chinese cyber campaign, dubbed "Volt Typhoon", that has penetrated networks serving military bases, and a troubling insider breach at an Air Force base that compromised Air Force and FBI radio communications.
Administration officials have acknowledged that the footprint of Volt Typhoon's malware is significantly larger than previously assumed. The malicious code has been found in many of the networks that manage communications, electricity, and water supply for US military bases, both domestically and overseas, as reported by The New York Times.
Because those same networks also serve ordinary businesses and households, investigators face a difficult task in determining the full extent of the compromise.
The Chinese state-affiliated advanced persistent threat (APT), tracked as "Vanguard Panda" by CrowdStrike and "Volt Typhoon" by Microsoft, drew public attention in May 2023 after Microsoft reported Chinese intrusion activity in Guam, home to a strategically significant US military base that would be central to Taiwan's defense against Chinese aggression. Microsoft's report noted that the group relies heavily on living-off-the-land techniques, using built-in system tools rather than custom malware, which is part of why the activity is hard to detect. The initial assumption was that Volt Typhoon aimed to disrupt critical communication infrastructure between the US and Asia during a potential crisis.
However, what was disclosed in May has since grown into a far larger campaign. The destructive capability of the malware, previously underestimated, is now believed to give the attackers a position from which to disrupt military response and supply chains in the event of a physical conflict.
The New York Times reported on July 29 that the Chinese effort extends well beyond telecommunications systems and that the intrusions predate the May disclosure by at least a year. Some experts have called the campaign "a ticking time bomb". Debate continues within the administration over whether the operation's primary goal is to disrupt military operations or broader civilian life in a conflict.
Further complications arose on July 29 when Forbes reported a Pentagon-ordered raid on the home of a 48-year-old engineer from Arnold Air Force Base in Tennessee. The engineer had reportedly taken home $90,000 worth of radio equipment and gained unauthorized access to communications technology used by the Air Education and Training Command (AETC), the Air Force division responsible for recruitment and training.
According to the search warrant, the engineer's computer was running Motorola radio programming software that held the configuration for the entire Arnold Air Force Base (AAFB) communications system. Investigators also found evidence of unauthorized access to classified communications belonging to the FBI and to several Tennessee state agencies.