US confronts China over Volt Typhoon cyber espionage on infrastructure

SAN FRANCISCO: US officials confronted the Chinese government in Beijing last month about a sweeping cyber espionage campaign through which Chinese hackers have broken into dozens of American critical infrastructure organizations, a senior US cyber official said.

Under the campaign named Volt Typhoon, American officials say China aims to leverage the access it has gained into US organizations in the event of a war or conflict - a nod to escalating US-China tensions over Taiwan. The Chinese have previously dismissed such allegations as groundless.

"We have had direct conversations with the Chinese about it," Nathaniel Fick, US ambassador at large for cyberspace and digital policy, told Reuters in an interview at the RSA Conference in San Francisco on Tuesday (May 7).

"We raised it directly with the Chinese government at very senior levels and made clear that this kind of behavior is dangerous, escalatory, and it's not acceptable," Fick said. He said he spoke to the Chinese officials with US Secretary of State Antony Blinken, who was in China from April 24 to 26.

Asked how the Chinese responded, Fick said: "Same way they have to previous attributions ... They have said before that it's a ploy by various US agencies to get more budget dollars."

"CHINESE TARGETING OF OUR CRITICAL INFRASTRUCTURE IS BROAD"

The Chinese embassy in Washington did not immediately respond to a request for comment on Wednesday.

The US and several of its allies sounded the alarm on the campaign a year ago, warning that the Chinese could launch cyberattacks against oil and gas pipelines, rail systems and other critical industries.

It is unclear how many US organizations have been compromised by the hackers, but "any number we give you is likely an underestimate," said Brandon Wales, the executive director of the U.S. Cybersecurity and Infrastructure Security Agency, during a separate media briefing at the same conference.

"Chinese targeting of our critical infrastructure is broad-based," he added.

"It is against a broad swath of small and medium-sized companies that are potentially critical in individual supply chains, or just capable of causing societal panic in some place around the country.