FBI warned of Chinese malware 'low blows' before Change cyberattack

FBI Director Christopher Wray said Chinese efforts to embed malware inside U.S. critical infrastructure networks are at "a scale greater than we'd seen before" in remarks made days before a reported cybersecurity event affecting the nation's largest commercial prescription processor. 

Mr. Wray discussed the growing threat of Chinese hacking network Volt Typhoon on Feb. 18. after attending the Munich Security Conference, The Wall Street Journal reported. He said Beijing-backed actors were pre-positioning malware that could be instantly activated to disrupt critical infrastructure.

The director has consistently identified China as a growing threat to U.S. national security, and on Jan. 31 warned U.S. lawmakers that the escalating urgency of the threat requires more investment in the FBI's capabilities. 

"China's hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities," Mr. Wray said at the January subcommittee hearing. "If or when China decides the time has come to strike, they're not focused solely on political or military targets. We can see from where they position themselves, across civilian infrastructure, that low blows aren't just a possibility in the event of a conflict. Low blows against civilians are part of China's plan." 

The director's remarks arrived weeks and days before Change Healthcare, part of UnitedHealth Group, reported a "cybersecurity incident" that disrupted connectivity and healthcare billing and pharmacy operations at a large scale. 

No link to China has been reported and few details have been released about the nature of the cybersecurity issue, but an updated SEC filing states that UnitedHealth Group identified "a suspected nation-state associated cyber security threat actor" on Feb. 21 had gained access to some Change IT systems.

Change initially reported disruptions early on Feb. 21, issuing an alert one day later about "a cyber security issue" triggered by an outside threat. The company, part of insurer UnitedHealth Group, disconnected its systems after detecting the threat, disrupting health systems, hospitals and pharmacies nationwide and all military pharmacies worldwide.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Articles We Think You'll Like

 

Featured Whitepapers

Featured Webinars