
Daily on Defense: China hides ‘cyber bombs’ in US routers, Indo-Pacific commander testifies, White House hints at scope of response to death of US troops


BY JAMIE MCINTYRE


'CHINA … THE DEFINING THREAT OF OUR GENERATION': The Justice Department and the FBI revealed yesterday that they had disrupted an audacious China-based effort to employ a botnet to embed malicious software in vulnerable small-business and small-office routers, software that would lie in wait to cripple America's water treatment plants, electrical grid, oil and gas pipelines, and transportation systems.

"China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if and when China decides the time has come to strike," FBI Director Christopher Wray testified before the bipartisan House Committee on Strategic Competition between the U.S. and the Chinese Communist Party. "China’s multipronged assault on our national and economic security make it the defining threat of our generation."

"The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors," Wray said. "Steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous."

"To quantify what we’re up against, the PRC has a bigger hacking program than that of every major nation combined. In fact, if you took every single one of the FBI’s cyber agents and intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50-to-1," Wray said. "I do not want those watching today to think we can’t protect ourselves. But I do want the American people to know that we cannot afford to sleep on this danger."

FBI DIRECTOR WARNS CHINESE HACKERS DETERMINED TO 'WREAK HAVOC' ON CRITICAL US INFRASTRUCTURE

GALLAGHER: 'THE CYBERSPACE EQUIVALENT OF PLACING BOMBS': Committee Chairman Mike Gallagher (R-WI) warned that an attack like the one the FBI thwarted could be timed to coincide with a Chinese invasion of Taiwan to sow chaos and delay a U.S. military response.

"It’s outrageous. It’s an active and direct threat to our homeland, to our military, our ability to surge forces forward in the event of a conflict, and it’s not a hypothetical," Gallagher said. "This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities, and power plants. There is no economic benefit for these actions. There’s no pure intelligence-gathering rationale. The sole purpose is to be ready to destroy American infrastructure, which would inevitably result in chaos, confusion, and potentially mass casualties."

"The damage that could be done by this is almost hard to imagine," Gallagher warned.

"Today we’re going to talk about 'Ugly Gorilla' and 'KandyGoo,'" said Rep. Raja Krishnamoorthi (D-IL), the top Democrat on the committee. "And, no, these are not my kids’ Instagram handles. In fact, these are aliases used by CCP hackers working for the People’s Liberation Army, otherwise known as PLA."

"CCP hackers accessed computer systems of about two dozen critical entities, including in Hawaii and in Guam. The hackers even attempted to access the Texas electric grid," Krishnamoorthi said. "While malicious Chinese code hasn’t yet disrupted any of our networks, any cyberattack that results in physical damage or loss of life would grant the United States the inherent right to self-defense."

"We must deter our adversaries," he said.

HOW IT WORKED: The Chinese hackers, known to the private sector as Volt Typhoon, have been operating since 2021. The Cybersecurity and Infrastructure Security Agency issued a warning in May 2023 about their efforts to hijack privately owned small-office and home-office internet routers and evade detection by blending in with normal Windows system and network activities.

"These small-office, home-office routers were very outdated, which made them easy targets for the Chinese government," Wray said. 

"The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached 'end of life' status; that is, they were no longer supported through their manufacturer's security patches or other software updates," the Justice Department said in a press release.

"Court-authorized steps to disconnect the routers from the KV Botnet and prevent reinfection are temporary in nature," the DOJ warned. "A router's owner can reverse these mitigation steps by restarting the router."

"The remediated routers remain vulnerable to future exploitation by Volt Typhoon and other hackers, and the FBI strongly encourages router owners to remove and replace any end-of-life SOHO router currently in their networks," the department said, urging anyone with a compromised router to contact the FBI's Internet Crime Complaint Center or report it online to CISA.


Good Thursday morning and welcome to Jamie McIntyre's Daily on Defense, written and compiled by Washington Examiner National Security Senior Writer Jamie McIntyre (@jamiejmcintyre) and edited by Stacey Dec. Email here with tips, suggestions, calendar items, and anything else. Sign up or read current and back issues at DailyonDefense.com. If signing up doesn't work, shoot us an email and we'll add you to our list. And be sure to follow me on Threads and/or on X @jamiejmcintyre


HAPPENING TODAY: The Senate Armed Services Committee will hear this morning from Adm. Samuel Paparo, President Joe Biden's nominee to lead one of the military's most consequential combatant commands. The U.S. Indo-Pacific Command is responsible for countering Beijing's expansive claims in the South China Sea, developing plans to help Taiwan defend itself against Chinese invasion, and defending South Korea and Japan from North Korea's increasingly aggressive military threats.

The 10 a.m. hearing can be seen here and here.

CHINA SEEKS TO ENCIRCLE THE PHILIPPINES'S MARCOS AT HOME AND AT SEA

STOLTENBERG: 'IT IS UKRAINE TODAY. TAIWAN COULD BE TOMORROW': In remarks yesterday at the Heritage Foundation, NATO Secretary-General Jens Stoltenberg said while Russia is NATO's "most immediate" threat, "China is the most serious long-term challenge."

"China is modernizing its military and developing new weapons, without any transparency or any limitation. It is trading unfairly, buying up critical infrastructure, bullying its neighbors, not least Taiwan, and seeking to dominate the South China Sea," Stoltenberg said. "Europe made the mistake to rely on Russian oil and gas. We cannot repeat that same mistake with China. Dependencies make us vulnerable."

"We must organize ourselves for enduring competition with China," he said. "The U.S. has been doing this for some time. You shifted your policy on China in 2017, under President Trump. And since then, NATO has gone a long way in helping European allies fully appreciate the challenges posed by China and respond to it. It is clear that we must eliminate harmful dependencies on critical Chinese raw materials and products."

"Let's remember, China and Russia are partners. Putin and Xi have signed an agreement of 'limitless partnership.' Beijing has failed to condemn Russia's invasion of Ukraine. It continues to spread Russian lies and to prop up the Russian economy," he said. "It is Ukraine today. Taiwan could be tomorrow."

NATO CHIEF DENIES THAT UKRAINE DISTRACTS FROM CHINA COMPETITION

KIRBY: 'THE FIRST THING YOU SEE WON’T BE THE LAST THING': The White House is promising an extended campaign to degrade and deter Iranian-backed proxies from continuing their attacks on U.S. forces in the region, and it has named the primary target that will be in the crosshairs of a multifaceted attack in response to the drone attack in Jordan that killed three American soldiers and wounded more than 40.

"We believe that the attack in Jordan was planned, resourced, and facilitated by an umbrella group called the Islamic Resistance in Iraq, which contains multiple groups, including Kataib Hezbollah," National Security Council spokesman John Kirby briefed reporters yesterday.

"We’ll respond on our own time, on our own schedule," Kirby said, "And I would also caution you … the first thing you see won’t be the last thing."

Iran has threatened it will "decisively respond" to any U.S. attack, but Kirby rejected any suggestion the U.S. should exercise restraint in order to prevent a "wider war."

"The folks that need to show restraint are these groups that Iran backs," Kirby said. "As we've said many times, we don't seek a war with Iran. We're not looking for a broader conflict."

But he said, "We have obligations in the region, including those to our troops … and now, those attacks have taken the lives of three of them. … We will do what we need to do to make sure that those responsible are held properly accountable." Kirby also rejected a statement by Kataib Hezbollah in which it claimed to be suspending all military and operations against the U.S. to avoid "embarrassment to the Iraqi government." 

"You can’t take what a group like Kataib Hezbollah says at face value," Kirby said. "They’re not the only group that has been attacking us. And they’re certainly not the only group that is a participant in this Islamic Resistance of Iraq."

Since Oct. 18, Iranian-linked proxies have conducted 166 attacks on U.S. military installations: 67 in Iraq, 98 in Syria, and one in Jordan, according to the U.S. military.

ISLAMIC RESISTANCE IN IRAQ GROUP RESPONSIBLE FOR JORDAN STRIKE THAT KILLED THREE TROOPS, US SAYS

ONE STEP AHEAD: Meanwhile the U.S. military continues to take out Houthi missiles whenever it spots them locked and loaded.

Early this morning local time (last night in Washington) F-18 Super Hornets from the aircraft carrier USS Dwight D. Eisenhower in the Red Sea bombed 10 Houthi drones along with a ground control station in Yemen.

"U.S. forces identified the UAV ground control station and one-way attack UAVs in Houthi-controlled areas of Yemen and determined that they presented an imminent threat to merchant vessels and the U.S. Navy ships in the region," the U.S. Central Command said in a release, which characterized the strikes as "self defense."

"This action will protect freedom of navigation and make international waters safer and more secure for U.S. Navy vessels and merchant vessels."

MISSED BY A MILE: On Tuesday, the American destroyer USS Gravely had a close call when a Houthi anti-ship cruise missile came within a mile of the ship before being shot down by the ship's Phalanx Close-In Weapon System, the last line of defense against incoming missiles.

There was no mention of the use of the rapid-fire 20 mm gun weapon system in the U.S. Central Command's Tuesday release, which said only that the missile "was successfully shot down" and that there were "no injuries or damage reported."

While a mile seems like a safe distance away, in previous incidents, Houthi missiles have been intercepted at ranges of 8-10 miles, according to David Martin of CBS News. "Too close for any comfort," retired Adm. James Stavridis, former supreme NATO commander, posted on social media. "We need to be killing these weapons BEFORE they launch."


THE RUNDOWN: 

Washington Examiner: Islamic Resistance in Iraq group responsible for Jordan strike that killed three troops, US says

Washington Examiner: FBI director warns Chinese hackers determined to 'wreak havoc' on critical US infrastructure

Washington Examiner: Former CIA director warns that Michigan EV plant could be used for Chinese espionage

Washington Examiner: Senate border deal stalls out as House Republicans warn bill 'dead on arrival'

Washington Examiner: Republicans call for separate Israel aid bill as Senate deal stalls

Washington Examiner: Johnson accuses Biden of 'deliberately' opening border in first floor speech as speaker

Washington Examiner: Decades of GOP immigration frustration fuel border deal opposition

Washington Examiner: Biden confronted by 'reality' of border crisis politics

Washington Examiner: Biden faces a troubling border truth: Immigrants want to get caught

Washington Examiner: House GOP builds momentum for Mayorkas impeachment with panel vote

Washington Examiner: Republicans are trying to impeach a top Biden official — could it backfire?

Washington Examiner: State Department pursuing establishment of Palestinian state

Washington Examiner: Israeli forces confirm that it began flooding Hamas tunnels

Washington Examiner: NATO chief denies that Ukraine distracts from China competition

Washington Examiner: China seeks to encircle the Philippines's Marcos at home and at sea

Washington Examiner: Judge meets privately with DOJ lawyers over Trump classified documents case

Washington Examiner: Opinion: Sen. Ted Budd: Appeasement toward Iran must end

Washington Examiner: E.U. Reaches Deal on Fund for Ukraine

AP: Rumors that Ukraine's top commander may be dismissed expose rifts in Ukraine top brass

Politico: Lawmakers to Pentagon: Do a Better Job Shooting Down Drones

Breaking Defense: After Historic Shoot-Down, Why Russia Will Struggle to Replace Its A-50 AEW&C Plane

AP: US military revises account of what happened to 2 SEALs who died trying to board Yemen-bound ship

Long War Journal: The Israel Air Force bombed a Hezbollah's airstrip in Lebanon. Here's what's known about it.

Wall Street Journal: U.S. Presses for Long Cease-Fire

CBS News: An Inside Look At U.S. Navy Ships Tasked With Securing The Red Sea

Reuters: How The U.S. Is Preparing For A Chinese Invasion Of Taiwan

Air & Space Forces Magazine: F-16 Pilot Ejects Before Fighter Crashes off South Korea

Wall Street Journal: Why Defense Contractors Are Saying No to Their Biggest Customer: The Pentagon

Air & Space Forces Magazine: Boeing Claims 'Momentum' on KC-46 and T-7 as Defense & Space Unit Losses Slow

Defense News: Missile Defense Interceptor Competition Enters Critical Design Phase

Defense One: High-Powered Microwave Weapon May Have Just Passed a Critical Test

DefenseScoop: Holistic Examination of the Next Iteration of US Cyber Command Underway

Breaking Defense: Refueling, Propulsion 'Jetpacks' Near Term Space Force 'Mobility' Plans

Task & Purpose: Senior Enlisted Leaders Tell Congress That Pentagon Should Learn from Civilian World

USNI News: MCPON Honea To Congress: Allow Navy To Give Housing Allowance To Most Junior Sailors

Air & Space Forces Magazine: Enlisted Chiefs Want BAH to Cover 100% of Housing Costs

Air Force Times: Paperless Enlisted Promotion Tests to Roll Out in February

New York Post: Opinion: Mark Montgomery: How to hold Iran accountable for killing US troops

THE CALENDAR: 

THURSDAY | FEBRUARY 1

8:15 a.m. 999 Ninth St. NW — Exchange Monitor annual Nuclear Deterrence Summit through Feb. 2, with Marvin Adams, deputy administrator for defense programs at the National Nuclear Security Administration; Corey Hinderstein, deputy administrator for defense nuclear nonproliferation at the National Nuclear Security Administration; and Mallory Stewart, assistant secretary of state for arms control, deterrence, and stability https://www.exchangemonitor.com/go/nuclear-deterrence-summit

9:30 a.m. 216 Hart — Senate Armed Services Committee hearing to consider the nomination of Adm. Samuel J. Paparo Jr. to be commander of the U.S. Indo-Pacific Command https://www.armed-services.senate.gov/hearings

10 a.m. — Wilson Center’s Global Europe Program virtual discussion: “Ukraine’s Accession to the EU: Next Steps," with Ivanna Klympush-Tsintsadze, member of the Ukrainian Verkhovna Rada, and Mariana Budjeryn, senior research associate at the Harvard Kennedy School’s Project on Managing the Atom https://www.wilsoncenter.org/event/ukraines-accession-eu-next-steps

12 p.m. — Washington Institute for Near East Policy virtual forum: “Countering the Houthi Threat to Shipping: Regional Implications and U.S. Policy," with Simon Henderson, WINEP fellow; Michael Knights, WINEP fellow; and Noam Raydan, WINEP senior fellow https://washingtoninstitute-org.zoom.us/webinar/register

FRIDAY | FEBRUARY 2

8:15 a.m. 999 Ninth St. NW — Exchange Monitor annual Nuclear Deterrence Summit, with Air Force Gen. Anthony Cotton, commander of U.S. Strategic Command, and Madelyn Creedon, former principal deputy administrator of the National Nuclear Security Administration https://www.exchangemonitor.com/go/nuclear-deterrence-summit

10 a.m. Joint Base Anacostia-Bolling — Change of Directorship Ceremony in which Air Force Lt. Gen. Jeffrey Kruse will take over as Defense Intelligence Agency director from the retiring Army Lt. Gen. Scott Berrier. Deputy Defense Secretary Kathleen Hicks presides. https://www.defense.gov

12:30 — Atlantic Council virtual discussion on a new report: “Russia Tomorrow: Navigating a New Paradigm,” with Yevgenia Albats, Harvard University fellow; Casey Michel, director of the Human Rights Foundation’s Combating Kleptocracy Program; Angela Stent, senior adviser at Georgetown University’s Center for Eurasian, Russian, and East European Studies; and former U.S. Ambassador to Ukraine John Herbst, senior director of the Atlantic Council’s Eurasia Center https://www.atlanticcouncil.org/event/five-scenarios-for-russias-future

MONDAY | FEBRUARY 5

3 p.m. — Center for Strategic and International Studies Defense-Industrial Initiatives Group virtual discussion: "Munitions Production Roundtable," with Douglas Bush, assistant secretary of the Army for acquisition, logistics, and technology; Cynthia Cook, director, DIIG, and senior fellow, CSIS International Security Program; and Alexis Lasselle Ross, senior associate (nonresident), CSIS, and member, Army Science Board https://www.csis.org/events/munitions-production-roundtable

TUESDAY | FEBRUARY 6

7:30 a.m. — Association of the U.S. Army "Coffee Series," with Army Chief of Staff Gen. Randy George https://www.ausa.org/events/coffee-series/gen-george

WEDNESDAY | FEBRUARY 14

4 a.m. Brussels, Belgium — NATO defense ministers meet at NATO Headquarters, with NATO Secretary-General Jens Stoltenberg scheduled to give a press conference https://www.nato.int/cps/en/natohq/news

QUOTE OF THE DAY
"This is the cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants. There is no economic benefit for these actions. There's no pure intelligence-gathering rationale. The sole purpose is to be ready to destroy American infrastructure, which would inevitably result in chaos, confusion, and potentially mass casualties."
Rep. Mike Gallagher (R-WI), chairman, House Select Committee on the Strategic Competition between the U.S. and the Chinese Communist Party, on the Chinese hacking operation aimed at crippling U.S. critical infrastructure