Chinese hackers have infiltrated major U.S. internet service providers and "dramatically stepped up" their attacks to spy on millions of American customers, a top cybersecurity official told the Washington Post.
"It is business as usual now for China, but that is dramatically stepped up from where it used to be. It is an order of magnitude worse," said Brandon Wales, former executive director of the Cybersecurity and Infrastructure Security Agency (CISA).
The Chinese hackers exploited a software bug in a product from a U.S. Secure Access Service Edge vendor, Lumen Technologies, an American telecommunications and security firm, said in a blog post on Tuesday. The tech company wrote that the attack took advantage of an unidentified flaw in Versa Director, a software platform used to manage IT services for customers of California-based Versa Networks. CISA told the Post it agreed that Chinese hackers did exploit the flaw as Lumen reported.
The highly sophisticated hacks targeted at least two major providers and several smaller providers, people familiar with the matter told the Post. The targets of the attack are believed to include U.S. government and military personnel working undercover and groups of strategic interest to China.
"This is privileged, high-level connectivity to interesting customers," former FBI agent and researcher at Lumen Technologies Mike Horka said.
The evidence suggests that these recent attacks are largely focused on gathering intelligence, the Post reported Tuesday. There were, however, various techniques and resources used that match a December hack by a China-backed group known as Volt Typhoon that aimed to disrupt American infrastructure, such as communications and transportation systems.
The Chinese embassy in Washington denied the accusations, saying the American government created false hacks in order to incite panic.
"There are signs that in order to receive more congressional budgets and government contracts, the U.S. intelligence community and cybersecurity companies have been secretly collaborating to piece together false evidence and spread disinformation about so-called Chinese government’s support for cyberattacks against the U.S.," embassy spokesman Liu Pengyu said.