Overview
Chinese hackers have burrowed deep into America's power grids, water systems, telecommunications networks, and transportation infrastructure—not to steal secrets, but to flip a kill switch. The Pentagon's December 2024 report confirms what intelligence agencies have warned: Beijing expects to fight and win a war over Taiwan by 2027, and cyber operations like Volt Typhoon have pre-positioned capabilities to cripple American response by shutting down pipelines, derailing trains, and severing communications between the mainland and Hawaii.
The threat isn't theoretical. FBI teams found Volt Typhoon malware lurking in critical systems for at least five years. Salt Typhoon compromised nine major US telecom providers, including AT&T and Verizon, accessing call records of over a million Americans and wiretapping phones belonging to presidential campaign staff. FBI Director Christopher Wray told Congress that Chinese cyber operatives outnumber FBI cyber personnel 50 to 1. CISA Director Jen Easterly called the 2024 CrowdStrike outage—which grounded flights and crashed hospitals—a dress rehearsal for what China has planned.
Organizations Involved
Chinese state-sponsored hacking group embedding malware in US critical infrastructure to enable wartime disruption, not espionage.
Chinese espionage group that compromised nine US telecommunications companies, accessing call metadata and audio of high-profile targets.
Federal agency responsible for protecting US critical infrastructure from cyber and physical threats.
Cabinet department overseeing US military, tracking Chinese military modernization and cyber threats.
Timeline
-
Treasury Sanctions Chinese Cyber Company
Sanctions: US imposes sanctions on Sichuan Juxinhe Network Technology Co. for direct involvement in Salt Typhoon exploitation of telecommunications and internet service providers.
-
Outbound Investment Restrictions Take Effect
Regulation: Treasury Department's final rule establishing Outbound Investment Security Program goes into force, requiring notification or prohibition of US investments in Chinese sensitive technology sectors.
-
Ninth US Telecom Provider Compromised
Investigation: Officials reveal Salt Typhoon infiltrated additional carrier, bringing total to nine companies. FBI and CISA state they have no timeline for complete eradication of hackers from networks.
-
Pentagon Releases China Military Power Report
Assessment: Annual report warns Volt Typhoon cyber operations embedded in US infrastructure aim to disrupt military response during Taiwan crisis. Confirms China expects to achieve invasion capability by 2027 with over 600 nuclear warheads and growing.
-
Massive $11 Billion Arms Package to Taiwan
Military: Trump administration announces one of the largest arms sales in history: 82 HIMARS systems, 420 ATACMS missiles, 60 howitzers, and advanced drones to bolster Taiwan's defense capabilities.
-
$385 Million Taiwan Arms Sale Approved
Military: Biden administration approves weapons package including F-16 spare parts and support, marking 18th arms deal to Taiwan during his presidency amid intensifying cross-strait tensions.
-
Major Telecoms Confirmed Compromised
Investigation: Washington Post reveals AT&T, Verizon, and Lumen among carriers infiltrated by Salt Typhoon, with hackers accessing law enforcement wiretap systems and call records of over one million users.
-
Salt Typhoon Breach First Reported
Investigation: Reports emerge that Chinese hackers compromised multiple US telecommunications providers in sophisticated espionage operation targeting government and campaign officials.
-
CISA Chief Calls CrowdStrike Outage 'Dress Rehearsal'
Statement: Easterly warns that July's CrowdStrike software update—which grounded flights and crashed hospital systems—previews the chaos China could unleash by targeting infrastructure during conflict.
-
Five Eyes Joint Advisory Issued
Intelligence: US, UK, Canada, Australia, and New Zealand publish coordinated cybersecurity advisory detailing Volt Typhoon tactics and urging critical infrastructure operators to hunt for compromise indicators.
-
CISA Director: 'Tip of the Iceberg'
Congressional Testimony: Jen Easterly tells lawmakers that Volt Typhoon intrusions found across multiple critical infrastructure sectors represent only a fraction of the threat, warning 'very basic' security flaws enabled penetration.
-
FBI Director Warns Congress of Infrastructure Threat
Congressional Testimony: Christopher Wray testifies that Chinese hackers are positioning to 'wreak havoc' on US critical infrastructure during Taiwan conflict. FBI announces court-authorized operation disrupted Volt Typhoon botnet on hundreds of routers.
-
Biden Issues Outbound Investment Executive Order
Regulation: President announces restrictions on US investment in Chinese companies developing sensitive technologies including semiconductors, quantum computing, and artificial intelligence.
-
Volt Typhoon Publicly Disclosed
Intelligence: Microsoft and Five Eyes intelligence agencies publish joint advisory revealing Chinese state-sponsored actors embedded in US critical infrastructure since at least mid-2021.
-
Salt Typhoon Telecommunications Campaign Begins
Cyber Operations: Chinese hackers begin multi-year operation to penetrate US telecommunications providers, eventually compromising nine major carriers.
-
Sweeping Semiconductor Export Controls
Regulation: Commerce Department implements dramatic export restrictions on advanced computing chips and manufacturing equipment to China, aiming to foreclose Beijing's ability to develop cutting-edge semiconductors.
-
CHIPS Act Signed Into Law
Legislation: Biden signs $52 billion semiconductor manufacturing incentive package with restrictions barring recipients from expanding advanced chip production in China for ten years.
-
Volt Typhoon Campaign Begins (Estimated)
Cyber Operations: Chinese state-sponsored hackers begin infiltrating US critical infrastructure systems including energy, water, communications, and transportation networks.
-
Trump Administration Launches China Trade War
Economic: US imposed tariffs on $250 billion of Chinese imports after Section 301 investigation, marking escalation of strategic competition beyond traditional security domains into technology and trade.
Scenarios
China Invades Taiwan, Activates Cyber Kill Switches
Discussed by: Pentagon analysts, CISA Director Jen Easterly, FBI Director Christopher Wray, defense think tanks including CSIS and FDD
Beijing launches a military operation against Taiwan between 2027-2030, triggering pre-positioned malware in US critical infrastructure. Power grids fail across the Pacific coast. Water treatment plants shut down in Hawaii and Guam. Rail systems derail. Communications between the mainland and military bases in Asia go dark. The chaos delays US military mobilization by days or weeks—enough time for China to establish air and naval superiority around Taiwan and present the world with a fait accompli. American civilians experience the first homeland infrastructure attacks since Pearl Harbor, shattering the post-Cold War assumption of invulnerability.
US Hardens Infrastructure, Expels Chinese Hackers
Discussed by: Cybersecurity experts, Congressional China hawks, defense industry analysts
Spurred by the CrowdStrike wake-up call and bipartisan alarm over Salt Typhoon, Congress passes emergency funding for critical infrastructure security. Utilities and telecom providers face mandatory cybersecurity standards with teeth. The government expands Volt Typhoon disruption operations, systematically purging Chinese malware from energy, water, and transportation systems. New semiconductor export controls and supply chain restrictions further degrade China's ability to develop advanced cyber weapons. Taiwan receives accelerated arms deliveries and joint cyber defense integration. By 2027, US infrastructure resilience and Pacific military readiness substantially raise the cost of Chinese aggression, making invasion less attractive.
Cyber Détente Through Mutual Vulnerability
Discussed by: Arms control advocates, some academic researchers, former intelligence officials
Backchannel negotiations between Washington and Beijing acknowledge mutual cyber vulnerabilities—the US also maintains offensive capabilities in Chinese infrastructure. Both sides recognize that infrastructure attacks would escalate conflicts beyond control, causing humanitarian catastrophes and economic collapse on both sides. A tacit or formal agreement emerges: cyber espionage continues, but critical civilian infrastructure becomes off-limits, similar to Cold War norms around nuclear targeting of cities. The framework remains fragile and unverified, but provides some guardrails as strategic competition continues in other domains.
Accidental Escalation Triggers Crisis
Discussed by: Crisis simulation experts, former defense officials, International Crisis Group
A technical glitch, rogue hacker, or defensive countermeasure inadvertently triggers malware in US or Chinese infrastructure during a period of heightened tension—perhaps during military exercises near Taiwan or a naval incident in the South China Sea. Power goes out in San Diego or Shanghai. Both sides blame each other. Hawks demand retaliation. The accident occurs in an environment of deep mutual mistrust where neither side believes the other's denials. What began as a technical failure cascades into a diplomatic crisis or limited military exchange before cooler heads establish what actually happened. The incident forces both nations to confront how fragile crisis management has become in the cyber age.
Historical Context
Stuxnet: The First Cyber Weapon (2010)
2010
What Happened
The US and Israel deployed the Stuxnet worm against Iran's Natanz uranium enrichment facility, marking the first cyberattack that caused physical destruction of industrial infrastructure. The sophisticated malware infiltrated air-gapped systems via infected USB drives, altered programmable logic controllers, and destroyed 984 centrifuges by spinning them irregularly. Iran's nuclear program was set back at least a year without a single bomb dropped or missile fired.
Outcome
Short term: Delayed Iranian nuclear weapons development; demonstrated feasibility of cyber-kinetic attacks.
Long term: Opened Pandora's box of state-sponsored infrastructure cyberattacks; established precedent nations now invoke to justify offensive operations.
Why It's Relevant
Stuxnet proved cyberweapons can achieve strategic military objectives without traditional force. Volt Typhoon represents the mirror image: instead of destroying enemy infrastructure, China is pre-positioning to destroy American infrastructure, potentially with far broader civilian impact than Stuxnet's surgical targeting.
Cold War Soviet Espionage and Infrastructure Targeting
1947-1991
What Happened
Soviet intelligence services conducted extensive espionage operations inside the United States, stealing atomic bomb secrets, infiltrating government agencies, and mapping critical infrastructure. Unlike today's cyber operations, Soviet spies relied on human intelligence networks and attempted to sabotage diplomatic relationships. The KGB's focus on science, technology, and military secrets paralleled current Chinese cyber-espionage priorities, though the methods differed dramatically.
Outcome
Short term: USSR successfully stole nuclear weapons technology, accelerating their atomic bomb program by years.
Long term: Espionage rivalry persisted throughout the Cold War; many techniques and intelligence priorities continued into post-Soviet Russian operations.
Why It's Relevant
Today's US-China competition echoes Cold War dynamics: ideological adversaries, nuclear arsenals, global spheres of influence, and espionage focused on technological advantage. But China's cyber pre-positioning in civilian infrastructure is unprecedented—the Soviets never had the capability to remotely shut down American power plants from Moscow.
Pearl Harbor and Homeland Vulnerability (1941)
December 7, 1941
What Happened
Japan's surprise attack on Pearl Harbor killed 2,403 Americans, destroyed or damaged 19 ships and 328 aircraft, and shocked a nation that felt protected by two oceans. The attack demonstrated that geographic isolation no longer guaranteed security. It galvanized American entry into World War II and led to massive military mobilization and infrastructure hardening.
Outcome
Short term: US declared war on Japan; temporarily lost naval superiority in the Pacific; faced military mobilization challenges.
Long term: Transformed American strategic culture from isolationism to global engagement; established forward military presence as deterrence doctrine.
Why It's Relevant
Volt Typhoon represents a 21st-century Pearl Harbor scenario: a surprise attack on American homeland infrastructure designed to delay military response during a Pacific conflict. The difference is that Chinese hackers are already inside the target systems, waiting. The attack could begin before the first shot is fired over Taiwan.
