Chinese-backed hackers continue to burrow into the IT networks of critical infrastructure in an ongoing campaign to steal data and position themselves in case of a conflict between the United States and China.

A top U.S. cybersecurity official, speaking at the Cyberwarcon security conference in Arlington, Virginia, said threat groups are prepositioning themselves to disrupt networks services that could affect data centers, water systems, energy operations, and other critical infrastructure should such a conflict break out.

Morgan Adamski, executive director of U.S. Cyber Command, said during the conference that U.S. government has “executed globally synchronized activities, both offensively and defensively minded, that are laser-focused on degrading and disrupting PRC cyber operations worldwide,” according to a report in Reuters.

Adamski’s comments came a day after Senator Mark Warner, D-VA, told The Washington Post that the hack of U.S. wireless carriers by a Chinese state-sponsored group, Salt Typhoon, represents the “worst telecom hack in our nation’s history.” Warner is chairman of the Senate Intelligence Committee.

China a Growing Cyberthreat

U.S. law enforcement and intelligence officials have for several years pointed to China as the top foreign cyberthreat. That picture came into sharper focus in February, when CISA, the FBI, and the National Security Agency said that Volt Typhoon, another Chinese-sponsored group, had hacked into networks and systems of critical infrastructure organizations to preposition themselves to strike if a conflict between the nations occurred.

In some cases, the bad actors had been present in the networks for as long as five years.

More recently, U.S. agencies in September unveiled the campaign by Salt Typhoon. Initial reports indicated that telecommunications firms, including AT&T, Verizon, and Lumen Technologies were among Salt Typhoon’s victims.

T-Mobile executives this month confirmed that it also was targeted by the threat group, telling the Wall Street Journal that the company “is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information.”

Still in the Networks

Warner said Salt Typhoon had been able to move from one telecom to another by leveraging the trusted relationships between the companies and that the hackers are still in the networks. Unlike Volt Typhoon, Salt Typhoon’s campaign appears more aimed at cyberespionage than hiding away in networks awaiting a time to strike.

The attackers also targeted the phones of Donald Trump and Senator JD Vance, R-OH – Trump’s running mate – and people working in Vice President Kamala Harris’ presidential campaign and the State Department.

“This is an ongoing effort by China to infiltrate telecom systems around the world, to exfiltrate huge amounts of data,” the senator said.

The attacks on the telecom giants were aimed in part on surveillance data gathered by law enforcement. Reports suggested that the cyber-spies may have accessed wiretapping information to gain insights into the United States’ surveillance efforts of Chinese nationals.

U.S. Government Responding

U.S. officials and lawmakers are pushing back at China’s intrusions with what Cyber Command Adamski called “globally synchronized activities, both offensively and defensively minded, that are laser-focused on degrading and disrupting PRC [People’s Republic of China] cyber operations worldwide.”

Salt Typhoon’s attacks on the telecom companies put a number of efforts into action, with lawmakers pushing for information and the White House reportedly creating an emergency team to address the intrusion.

In addition, White House officials met with telecom executives about the cyberthreats. Heading the meeting were National Security Advisor Jake Sullivan and Anne Neuberger, deputy national security advisor for cyber and emerging technology.

According to the White House, the meeting was to “share intelligence and discuss the People’s Republic of China’s significant cyber espionage campaign targeting the sector” and to “hear from telecommunications sector executives on how the U.S. Government can partner with and support the private sector on hardening against sophisticated nation state attacks.