Outdated equipment opened the doors to America’s most sensitive systems — and there may be no way back.

At the RSA Conference, Cynthia Kaiser, Deputy Assistant Director of the FBI, named one word as the top threat to U.S. critical infrastructure: “China.” According to the high-ranking FBI official, hacker groups backed by Beijing are actively testing artificial intelligence capabilities at every stage of their cyber operations.
Massive intrusions by Chinese actors into strategic U.S. systems are no longer surprising to cybersecurity experts. Since the last RSAC, several large-scale campaigns have come to light — each codenamed “Typhoon.” Chinese cyber spies have demonstrated exceptional skill and stealth, infiltrating government networks, telecom systems, energy infrastructure, and even water treatment plants — often remaining undetected for years.
A prime example is the Volt Typhoon group, which built a massive botnet using outdated routers. With it, attackers gained access to key U.S. infrastructure targets and, according to investigations, spent most of 2023 preparing for potentially devastating cyberattacks.
Another team, known as Salt Typhoon, breached at least nine American telecom companies and government networks last year, and in January attempted to exploit over 1,000 Cisco network devices.
“Security isn’t optional — it’s essential.”
According to Kaiser, Chinese operatives often rely on basic entry methods, exploiting outdated hardware and well-known vulnerabilities. Once inside, they move with extreme caution. FBI agents investigating Volt Typhoon’s intrusions remarked on the hackers’ surgical precision as they traversed internal networks and infiltrated critical business systems — a pattern also seen in Salt Typhoon’s operations.
Former FBI Director Christopher Wray has repeatedly warned that there are 50 Chinese hackers for every FBI cyber agent. And the situation may worsen if the Trump administration returns to office, with plans to cut federal budgets and staff. Still, Kaiser asserts that recent political changes have not impacted the FBI’s ongoing efforts to combat both state-sponsored threats and ransomware.
The Role of AI in Modern Cyberattacks
The FBI is now closely monitoring how threat actors are incorporating artificial intelligence into their operations. AI tools are being used in early attack stages — such as scouting targets and crafting convincing phishing lures using large language models.
“We’re seeing adversaries experiment with AI to explore its effectiveness in various attack scenarios. It may boost the efficiency of targeted campaigns, but we haven’t yet seen truly self-modifying malware,” said Kaiser.
AI also helps map out infiltrated networks and plan post-compromise actions. That’s why, she emphasized, the first line of defense is intrusion prevention, while the second must limit attacker movement within internal systems.
The Deepfake Threat
A growing concern is the use of deepfakes. North Korean hackers impersonating IT professionals — and fraudsters more broadly — are increasingly turning to synthetic video content to steal money and sensitive information.
“Imagine receiving a video call from your CEO via a familiar app. You see them in their usual setting, and they ask you to urgently transfer funds or join a high-level meeting. Most people — myself included — would comply without hesitation,” said Kaiser.
These schemes have already generated millions in fraudulent profits, she warned. Therefore, multi-factor authentication is now more critical than ever. For online platforms, this might mean confirmation codes or biometric data; for large financial transactions, she recommends old-school verification via secondary channels.