Single US Water Utility Receives 6 Million China-Based Connection Attempts In 1 Week: Security Report

Authored by Catherine Yang via The Epoch Times,

A single water utility in California has received more than 6 million hits from China-based addresses within a week, pointing to the Chinese communist regime’s ongoing efforts to scan for U.S. critical infrastructure vulnerabilities, according to security experts.

The South Coast Water District (SCWD) blocked these connection attempts between July 15 and July 23.

It revealed the figure in a July 23 industry webinar hosted by the Water Information Sharing and Analysis Center, showing a firewall dashboard by security company ThreatSTOP.

SCWD provides potable water, recycled water, and wastewater services to about 40,000 residents, 1,000 businesses, and 2 million visitors annually in Orange County, California.

During the webinar, ThreatSTOP CEO Tom Byrnes and chief scientist Paul Mockapetris, who invented the Domain Name System, advised water industry professionals to tailor who is allowed access to their servers and said that there are some obvious limits one can set.

“If you’re a water district in southern California, you probably don’t have any customers in China,” Mockapetris said.

A ThreatSTOP case study on its website shows that as far back as 2011, even a school district’s network printers in West Memphis, Arkansas, were receiving regular access attempts from China.

Byrnes stated that the 6 million figure had increased overnight from 5 million, demonstrating that critical infrastructure, such as water systems, is constantly being scanned for vulnerabilities.

SCWD’s ThreatSTOP firewall dashboard also showed more than 34,000 blocked connection attempts originating from Bulgaria and more than 21,000 from Iran.
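The geographic access limit the ThreatSTOP speakers recommend, and the per-country blocked-attempt counts shown on the dashboard, as an added example that is not the article's or ThreatSTOP's code: a default-deny country allowlist with an exception for the utility's own management network, run over constructed firewall log lines. The IP-to-country table, address ranges and log format are assumptions standing in for a real GeoIP database and firewall.

```python
import ipaddress
from collections import Counter

# Constructed, fictional IP-to-country table standing in for a real GeoIP database.
GEOIP = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "CN",
    ipaddress.ip_network("192.0.2.0/25"): "BG",
    ipaddress.ip_network("192.0.2.128/25"): "IR",
}

# A utility whose customers are all local allows only its own country and its
# own (assumed) management network; every other origin is denied by default.
ALLOWED_COUNTRIES = {"US"}
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def country_of(ip):
    """Return the country code for an address, or '??' when it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEOIP.items():
        if addr in net:
            return cc
    return "??"  # unknown origin is treated like any non-allowlisted country

def decide(src_ip):
    """Allow traffic from the management network or an allowlisted country; deny the rest."""
    addr = ipaddress.ip_address(src_ip)
    if any(addr in net for net in MANAGEMENT_NETS):
        return "allow"
    return "allow" if country_of(src_ip) in ALLOWED_COUNTRIES else "deny"

def tally_denied(log_lines):
    """Count denied connection attempts per origin country, as a firewall dashboard would."""
    counts = Counter()
    for line in log_lines:
        src = line.split("src=")[1].split()[0]
        if decide(src) == "deny":
            counts[country_of(src)] += 1
    return counts

# Constructed sample log lines in an assumed key=value format, not real traffic.
SAMPLE_LOG = [
    "2025-07-15T00:00:01 proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=443",
    "2025-07-15T00:00:02 proto=tcp src=203.0.113.9 dst=198.51.100.10 dport=22",
    "2025-07-15T00:00:03 proto=tcp src=192.0.2.20 dst=198.51.100.10 dport=443",
    "2025-07-15T00:00:04 proto=tcp src=192.0.2.200 dst=198.51.100.10 dport=443",
    "2025-07-15T00:00:05 proto=tcp src=198.51.100.77 dst=198.51.100.10 dport=443",
    "2025-07-15T00:00:06 proto=tcp src=10.20.5.5 dst=198.51.100.10 dport=22",
]

if __name__ == "__main__":
    print(dict(tally_denied(SAMPLE_LOG)))
```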

Critical Infrastructure in Crosshairs

The U.S. Intelligence Community considers China a top cyberthreat, with officials sounding the alarm in recent years over large-scale Chinese communist regime-backed hacks into critical U.S. infrastructure. The state-backed campaign known as Volt Typhoon has pre-positioned itself in U.S. critical infrastructure systems to cause widespread disruption in the event of a conflict, according to officials.

Water infrastructure is considered a vital lifeline but is especially vulnerable because parts of these utility networks located in difficult-to-reach terrain may have been designed more for reliability and remote access than cybersecurity, according to officials and experts, and smaller utilities often lack the resources and know-how to defend against cyberattacks.

In 2024, American Water Works, the largest regulated water and wastewater utility in the nation, reported that it was the victim of a cyberattack, but bad actors are not only after large targets.

In 2023, a utility servicing about 15,000 people in Massachusetts was also a victim of a Volt Typhoon hack, The Register reported.

In 2022, legislation was enacted to require critical infrastructure entities to report any cyber incidents to the Cybersecurity and Infrastructure Security Agency within 72 hours. Task forces were created to support critical infrastructure sectors in addressing vulnerabilities.

Cybersecurity researcher Erika Langerova recently conducted a study that found a large body of academic work authored by Chinese researchers examining methods to disrupt Western power grids. Langerova’s study found that over the past two decades, 367 Chinese publications focused on U.S. grids and 166 papers focused on European grids. Most of these works studied failures, outages, and vulnerabilities, with little evidence that the research aimed at strengthening Chinese power grids.

Chinese regime-backed cyber campaigns have also targeted telecom companies, government agencies, media, and nuclear weapons programs. A memo obtained by the nonprofit Property of the People and first reported by NBC News this month revealed that at least one state’s National Guard was extensively compromised by Chinese hackers in 2024.

Cybersecurity experts and intelligence officials have warned that Chinese regime-backed campaigns, such as Salt Typhoon, aggressively exploit known vulnerabilities, which can grant hackers access to extensive networks and sensitive data.

Between December 2024 and January, Chinese hackers associated with Salt Typhoon exploited a Cisco vulnerability to attempt to hack 1,000 devices globally, according to Insikt Group. It published a report and determined that the cyberattacks represented a strategic intelligence threat, with Chinese hackers specifically targeting U.S. political figures.

In the recent Microsoft SharePoint hack, Chinese hackers exploited vulnerabilities in widely used software.

Microsoft said on July 22 that it “observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon,” as well as “another China-based threat actor, tracked as Storm-2603,” and warned that the “rapid adoption” of an exposed vulnerability suggested that Chinese hackers “will continue to integrate them into their attacks.”

Netherlands-based Eye Security estimates that more than 400 systems were compromised.