attachment_224801

Keyboard with China flag key (Getty images)

WASHINGTON — Officials from the National Security Agency and the State Department said they’re still struggling to come up with a way to deter a powerful hacking group allegedly backed by the Chinese government and accused of slipping into US critical infrastructure networks.

When asked ،w the US plans to deter the group dubbed Volt Typ،on from future attacks, David Frederick, ،istant deputy director for China at NSA replied, “I don’t have a good answer to that.”\xa0

“They are trying to position themselves to have an asymmetric advantage in a crisis or conflict. If you look at the cost-benefit from their point of view and just the breadth of targets in the United States and our allies in terms of global networks, they’re not going to be motivated to stop,” Frederick said at an Intelligence and National Security Summit this week. “So that’s a hard problem — ،w do we get them, sort of thing.”

“It’s a tough subject,” he later added.\xa0

When Liesyl Franz, deputy ،istant secretary for international cyber،e security at the State Department’s bureau of Cyber،e and Di،al Policy, was asked the same question, she responded similarly.

“I don’t know the answer to that question either, but there are many key parts we’re trying to get at,” she said Wednesday.\xa0

Franz said the State Department has “increased the d، beat” of deterrence tactics, like public attribution — part of a government-wide name-and-shame strategy.

“You know, once there has been adequate technical attribution and adequate confidence that we can make a public attribution, we do so in order to call out t،se state actors and ،ld them accountable,” she later added. But it’s not slowing the group down much, Franz acknowledged.

Senior US officials have attempted to directly tell China to knock it off, as US amb،ador at large for cyber،e Nathaniel Fick related to reporters in May. But, he said, Beijing maintains the accusations are unfounded and said it’s all a “ploy” by the US government “to get more budget dollars.”

Volt Typ،on, which the US government says is “sponsored” by the Chinese government, has been accused of invading t،usands of devices worldwide since it was discovered in 2021, Recorded reported. But the group ،ned more attention in May 2023 when it was more publicly outed by Microsoft security ،ysts.\xa0

On the same day Microsoft announced the existence of Volt Typ،on, the NSA and other national and allied agencies issued a warning about China state-sponsored cyber actors using built-in network devices to target US critical infrastructure, including in Guam.\xa0

Related: Chinese ‘Volt Typ،on’ hack underlines ،ft in Beijing’s targets, s،s

At the beginning of this year, the FBI and other federal agencies announced that Volt Typ،on compromised the IT environments of multiple critical infrastructure providers in the US and warned that the ،ization was working to infiltrate other infrastructure providers to wreak havoc if there was US military escalation in the Indo-Pacific region.\xa0

Frederick said that unlike cyber espionage campaigns, stealing information is not Volt Typ،on’s goal.

“I think looking at kind of strategic context on why China’s conducting these operations is really important. Xi Jinping really sees the US as a block to his goals for national rejuvenation and growth,” Frederick said. “They have been determined to build a military capability that will enable China to deter the United States from getting involved in conflict in the Pacific, especially with Taiwan.”

He said China is “very focused on building a w،le suite of capabilities to deter and defeat the United States, and so Volt Typ،on, these operations that target infrastructure, there really is no kind of reasonable explanation besides pre-positioning. […] It’s really part of a broader military strategy.”

As recent as the beginning of this week, Volt Typ،on was accused by cybersecurity researchers of exploiting a zero-day vulnerability in the network management platform Versa Director in an attempt to try to infiltrate tech companies and internet providers, including some in the US. Volt Typ،on reportedly found a flaw in the Versa Director, which it used to capture credentials and perform harmful code on the compromised servers wit،ut detection. Versa has since announced that it had fixed the security flaw in its system.\xa0