China’s “Ugly Gorilla” Haunts US; FBI Director Calls World’s Largest Hacking Program ‘Defining Threat’ Of Our Generation

By Vaishali Basu Sharma

In a hearing conducted by the United States House Select Committee on Strategic Competition between the United States and the Chinese Communist Party on Jan 31, 2024, Federal Bureau of Investigation (FBI) director Christopher Wray testified on the growing threat of Chinese cyberattacks against the USA. The hearing deliberated on the risks presented by Chinese cyber warfare units. 

In his opening statement, Chairman of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party, Mike Gallagher, said: “Over 20 years, the CCP has been attacking us, our government, our defense contractors, our technology firms in cyberspace that is a fact and for a long time these attacks were focused on theft just robbing us of valuable technology that was then used to drive their military modernization, a really unprecedented military modernization but another focus of attack has been gathering sensitive information on hundreds of millions of Americans with attacks on companies like Anthem health.”

Committee Chairman and Republican Congressman Mike Gallagher was alluding to the biggest single data breach of electronic healthcare data in history when the records of millions of patients were compromised.

Beginning with a phishing email, attackers were able to plant malware on the company’s system and gain remote access to confidential information. Anthem publicly acknowledged the data breach in early February 2015. The data exfiltration happened almost a decade ago, but it remains, to date, the worst single data breach. Investigators said the sophistication of the attack pointed to a nation-state.

According to the US Federal Bureau of Investigation (FBI), China’s vast hacking program is the world’s largest, and they have stolen more Americans’ personal and business data than every other Nation combined.

Calling out the cyber threat to the American homeland from China as ‘outrageous, active and direct’ Chairman Mike Gallagher said that American “intelligence and cyber security agency have discovered that the CCP has hacked into American critical infrastructure for the sole purpose of disabling and destroying our critical infrastructure in the event of a conflict a conflict over Taiwan.”

This critical infrastructure was the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants, which would impact the US military and its ability to surge forces forward in the event of a conflict, which “would inevitably result in chaos, confusion, and potentially mass casualties.”

Warning: if this threat is not addressed, then the CCP will have the ability to “shut down cities and cause massive loss of American lives,” the committee emphasized the need to step up and defend critical infrastructure through layered cyber deterrence. This would require ‘unprecedented collaboration between the public and private sectors.’

With an FBI wanted poster displaying images of ‘UglyGorilla’ and ‘KandyGoo’ aliases used by members of unit 61398-CCP hackers working for the People’s Liberation Army (PLA), ranking member Raja Krishnamoorthi said that the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), FBI and their Five Eyes partners had released a joint advisory about a cyber campaign titled ‘Volt Typhoon.’

It said that the CCP cyber attacks targeted US critical infrastructure, including American power and utility systems, oil and gas pipelines, and rail systems, among others.

CCP hackers access the computer systems of about two dozen critical entities, including in Hawaii and Guam. He said that the purpose of the hacking was not to gather intelligence but to install malware that, once activated, would disrupt or damage the infrastructure. PLA strategists openly discuss coordinating missile strikes with cyber attacks as part of its offensive operations.

A significant testimony was that of FBI Director Christopher Wray. Declaring that China’s multi-pronged assault on US national and economic security makes it the “defining threat of our generation,” Wray said that when China decides the time has come to strike, they’re not focused just on political and military targets, but across civilian infrastructure that low blows against civilians are part of China’s plan.

He said the PRC’s Cyber Onslaught goes way beyond prepositioning for future conflict today. Literally every day, they are actively attacking US economic security, engaging in wholesale theft of innovation and personal and corporate data.

The PRC cyber threat is made vastly more dangerous by the way they knit cyber into a whole government campaign, recruiting  human sources to target businesses, “using  insiders to steal the same kinds of innovation and data that their hackers are targeting while also engaging in corporate deception hiding Beijing’s hand in transactions, joint ventures, and investments to do the same.”

china
China’s cyber warriors For Representation Only. (File Image)

He emphasized the need “to remain vigilant and actively defend against the threat that Beijing poses; otherwise, China has shown it will make us pay.”

Other top intelligence and cyber officials testifying at the hearing included General Paul Nakasone, Commander of the United States Cyber Command; Jen Easterly, director of Cybersecurity and Infrastructure Security Agency; and Harry Coker, Jr., director at the Office of the National Cyber Director. Declaring that the “People’s Republic of China poses a challenge unlike any our nation and all allies have ever faced,” US Cyber Commander Gen. Paul Nakasone said that computing fiercely in the information domain PRC cyber actors are pre-positioning in US critical infrastructure and is not acceptable.

Stating that the “threat is not theoretical,” Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency, recommended robust operational collaboration with industry and government to uncover additional malicious Chinese activity and to develop ways to detect it more rapidly.

Operating under the People’s Liberation Army (PLA), these Chinese cyber warfare units have been implicated in various high-profile cyber-attacks targeting both civilian and military entities worldwide.

Overall, US officials believe that diverting from its historical focus on stealing state secrets and espionage, China has shown a new interest in preparing and launching destructive cyberattacks against infrastructure and critical services. The driver for China laying the foundation for cyberattacks is to hinder the United States’ ability to help Taiwan during a potential invasion.

  • Vaishali Basu Sharma is an analyst of strategic and economic affairs. She was in a consulting role with India’s National Security Council Secretariat (NSCS) for nearly a decade. She is presently associated with the New Delhi-based think tank Policy Perspectives Foundation.
  • The author can be reached at postvaishali (at) gmail (dot) com.