Cyber Threats From China and Russia

Antonio Graceffo
6/22/2023
Updated: 6/22/2023
Commentary

Increasing cyberattacks, particularly against the energy sector, demonstrate the cyber threats posed by China and Russia.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on June 15 that a number of government departments experienced intrusions linked to MOVEit, a file transfer application. The Russian ransomware gang known as CLOP or TA505 claimed responsibility for the attack and posted a message on its dark web site, which reads (in all caps), “If you are a government, city, or police service, do not worry, we erased all your data.” On June 7, CISA and the FBI issued a warning about CLOP exploiting vulnerabilities within MOVEit to steal data.
This marks the third time in three years that foreign hackers were able to breach U.S. government agencies. The latest attack comes just weeks after the targeting of crucial infrastructure in the United States and Guam by Chinese-linked hackers. This could be a training exercise to cut off communications between the United States and Asia in the event of a war. If a conflict between the United States and the Chinese regime were to break out, Guam would be a critical transit point for U.S. forces.
The 2023 Annual Threat Assessment of the U.S. Intelligence Community identified China and Russia as the largest threats to U.S. security, with cyber being a primary area of concern. The threat from the Chinese regime includes technology and information theft, surveillance, economic espionage, and cyber theft. Another dimension of the regime’s cyber threat to the United States is the information sphere, controlling information and disseminating propaganda and other misinformation. Moscow is considered a more successful purveyor of fake news and disinformation but poses a significant military and hacking threat, including cyber theft.
At the outset of the Russia-Ukraine war, Kremlin-linked hackers attacked military satellite communications in Ukraine. Russian military hackers also infiltrated European military networks, as well as energy and transportation infrastructure. Prior to the Russian invasion, Cadet Blizzard—a new hacking unit within the GRU (Russian military intelligence)—carried out operations targeting Ukrainian infrastructure. The group has been linked to other nefarious cyber activities, such as general attacks, defacement of websites, cyber espionage, collecting and sharing stolen data, and hack-and-leak operations. A different Russian hacking group has been implicated in the Mt. Gox hack, making off with roughly 850,000 bitcoins.
A major concern of the Department of Homeland Security (DHS) is a cyberattack against critical U.S. infrastructure. Another possibility is cyberattacks against U.S. military installations overseas. This type of attack could prevent the U.S. military from responding to a physical threat to the United States or its allies. Disrupting critical infrastructure services within the United States—such as energy infrastructure, oil and gas pipelines, and transportation systems—could cause general panic and chaos.
The Department of Energy (DOE) is among the U.S. agencies repeatedly targeted in cyberattacks. One of the victims of the latest attack was Oak Ridge National Laboratory, where nuclear research is conducted. The breach may have compromised the personal information of as many as tens of thousands of DOE employees and contractors.
The DHS is concerned about assaults on U.S. energy infrastructure. The U.S. grid is old and vulnerable to both cyber and physical attacks. Some 70 percent of transmission lines are at least 30 years old, while 60 percent of circuit breakers are over 35 years old. In 2022, 10.7 percent of cyberattacks targeted the energy industry, including an attack in February on Ohio-based Encino Energy. In March, the Energy Threat Analysis Center Establishment Act was introduced to Congress to enhance the protection of U.S. energy infrastructure.
Advanced and disruptive technologies are being developed that could neutralize U.S. defense assets. An electromagnetic pulse (EMP) generated from a geomagnetic solar flare or a missile exploding in the atmosphere could cause all affected electronics to fail. As militaries worldwide become more reliant on cyber and space capabilities, hacking will become a more important weapon, damaging a country’s ability to wage war.

To this end, Russia has been training its space elements, developing anti-satellite weapons and satellite-jamming capabilities. Moscow is also developing directed-energy weapons and both ground- and space-based weapons, which can destroy or disrupt U.S. and allied satellites.

Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
Antonio Graceffo, PhD, is a China economic analyst who has spent more than 20 years in Asia. Mr. Graceffo is a graduate of the Shanghai University of Sport, holds a China-MBA from Shanghai Jiaotong University, and currently studies national defense at American Military University. He is the author of “Beyond the Belt and Road: China’s Global Economic Expansion” (2019).