Serving tech enthusiasts since over 25 years. TechSpot is a trusted source for tech advice and analysis.
In brief: A FBI official has warned that state-sponsored cyberattacks are increasing against American critical infrastructure. China is emerging as the most persistent, active threat. This concern comes after high-profile breaches that were linked to Beijing-backed group, who infiltrated sectors such as telecommunications and energy, often going undetected for a long time.
In a recent interview with The Register’s Deputy Assistant Director Cynthia Kaiser, she explained that Chinese state-backed cybergroups use artificial intelligence throughout their attack operations. AI is a powerful tool that can increase the speed and efficiency in their efforts, even though she acknowledges that they don’t always succeed. These digital intruders are increasingly sophisticated and stealthy, infiltrating sectors like government, telecommunications and energy, and often remain undetected for long periods. Recent incidents have highlighted the persistence and scale of the threat. Volt Typhoon, for example, compromised hundreds of outdated routers in order to create a botnet that would infiltrate US infrastructure. This set the stage to destructive cyberattacks. Salt Typhoon, meanwhile, breached nine US telecommunications and government networks in the past year. More recently, it targeted over 1,000 internet-facing Cisco devices.
Kaiser pointed out that these groups often gain entry through basic methods and frequently target outdated or unsupported devices. She also noted that attackers often exploit unpatched vulnerability to gain access to systems, where they operate stealthily. Federal agents who responded in response to Volt Typhoon intrusions noted how adeptly attackers moved inside internal systems, transferring from business networks to operational technologies.
“That’s what we saw with Salt Typhoon as well: being able to move laterally and navigate, taking their time to get the access they want,” Kaiser said. “For us, it’s really been business as usual.”
The FBI continues to respond against nation-state actors, as well as financially motivated cybercriminals who are increasingly using AI to increase the speed and scope of their attacks.
According to the FBI, it closely monitors how artificial intelligence is integrated into cyber operations. It analyzes which countries adopt it and how often it appears at different stages of an attack. Kaiser says that China and cybercriminal organizations have used AI-driven tactics the most.
Cybercriminals are now using artificial intelligence to automate tasks like creating fake business profiles and crafting convincing spear-phishing emails with large language models. Kaiser stressed, however, that attackers are still in the exploratory stage and have not yet adopted AI to fully automate end-to-end attack. In many cases they use the technology for specific parts of a marketing campaign, rather than building advanced tools like polymorphic malicious code.
AI’s practical impact on cyberattacks is evident. Once an attacker has infiltrated a network, AI can help them map it and determine their next move. Kaiser also stressed the importance of strong defences, saying that companies must first block unauthorized access and restrict attackers movement within the network.
AI is enabling fraud in addition to digital intrusions. Kaiser explained how deepfake allows attackers to fool employees. An attacker could, for example, impersonate a CEO and request a wire transfer in a familiar messaging application or other trusted setting. Kaiser said that many people would comply with the request, including herself, without questioning its authenticity. These tactics are being used by criminals to defraud companies of millions.
Kaiser emphasized the importance of multifactor authentication not only for digital systems, but also low-tech methods.
“Old-school MFA has a secret phrase,” Kaiser said.
