Curated by THEOUTPOST
On Wed, 30 Apr, 8:01 AM UTC
2 Sources
[1]
FBI: This is how China uses AI in attack chains
Artificial intelligence is helping Beijing's goons break in faster and stay longer
RSAC The biggest threat to US critical infrastructure, according to FBI Deputy Assistant Director Cynthia Kaiser, can be summed up in one word: "China." In an interview with The Register during RSA Conference, she said Chinese government-backed crews are testing out AI in every stage of the attack chain. This isn't to say that they're succeeding, but it does make them "more efficient, or might make them a little faster," Kaiser added. The ongoing threat from Beijing-backed digital intruders burrowing into America's critical facilities likely isn't a huge shock to anyone who can name at least two of the Typhoons that have come to light between last year's RSAC and this year's infosec event. By now, most people are aware of the sophistication and stealth with which Beijing's snoops move around critical government, telecommunications, energy, and water networks, sometimes for years before being detected. These and other agents working on behalf of the Chinese government break into American networks through "unsophisticated means, or especially end-of-life devices," Kaiser told The Register. "We see them coming in, oftentimes, through unpatched vulnerabilities or an unpatched device, and then when they get onto a system it's very quiet," she said. FBI agents who responded to China's Volt Typhoon intrusions and visited some of the energy and other compromised facilities "will talk about how deftly the Chinese navigated an internal system, coming in through a business network to get to the operational side," Kaiser noted. "That's what we saw with Salt Typhoon as well: being able to move laterally and navigate, taking their time to get the access they want."
One of former FBI Director Christopher Wray's favorite warnings was that China has 50 dedicated hackers for every one of the bureau's cyber-focused agents - and that was well before the Trump administration returned to the White House and slashed federal budgets and employees from the payroll. So it would seem that America is only making it easier for Chinese operatives to do their job. But when asked how the recent government changes have affected the FBI's ability to respond to cyberthreats, Kaiser said: "For us, it's really been business as usual." That business involves responding to nation-state attackers as well as ransomware gangs and other financially motivated cybercriminals, who are increasingly using AI to make their attacks more efficient, faster, and scalable. "At the FBI, we track AI really closely, in a refined way, to say, over time, which countries are either doing the use case or more frequently integrating it into which part of their operations across the attack life cycle," Kaiser added. "The widest adoption of use cases we've seen is from China and cybercriminals." This includes using AI to create fictitious business profiles at scale, and using these with the help of large language models to craft more believable spear-phishing messages to use in social engineering campaigns. Still, the intruders' use is similar to the defenders' in that they are not using AI to launch end-to-end attacks, but rather to make their initial scanning and preparation stages more efficient. "We see a lot of adversaries just trying it out. How could I use AI here? What would it mean there? And it might just mean they've enriched a target campaign, it doesn't mean they've created polymorphic malware that can change when it's on a system," Kaiser noted. So while the doomsday scenarios that we all heard about at previous RSA Conferences haven't yet morphed into reality, attackers are using AI for more practical purposes. 
"The other way that companies need to be worried about AI is that it does help an adversary map a network better," Kaiser said. "So once they've got onto a network, it does help enable where they might want to go." This is significant because the "first line of defense is: keep adversaries out," she added. "The second one, though, is then ensuring that people can't move around your network." In addition to these two uses for AI, the technology also makes it easier for everyone from fake North Korean IT workers and common crooks to create deepfake videos and swindle companies and individuals out of money and steal their sensitive IP. "Imagine you get a call from your CEO," Kaiser said. "It's on a messaging app you've used before, and it's your CEO sitting in a house where you've seen them many times, and they tell you: I need you to make a wire transfer here, or join an urgent online meeting at this link. A lot of us, me included, would probably do what my CEO told me to do without thinking, could this be fake?" Criminals are doing this, and using deepfake videos to "swindle millions from businesses as a result," she added. "So it's going to be imperative to add MFA to everything." For digital systems, this may include an authentication code or biometric data like a fingerprint. But for a scenario when someone at your company appears to be asking you to transfer large sums of money, multi-factor authentication may involve a more low-tech way of verifying someone's identity. According to Kaiser: "Old-school MFA is having a secret word." ®
[2]
FBI warns China is using AI to sharpen cyberattacks on US infrastructure
In a nutshell: An FBI official has warned of a rise in state-sponsored cyberattacks targeting American critical infrastructure, with China emerging as the most persistent and active threat. This concern follows high-profile breaches linked to Beijing-backed groups, who have infiltrated sectors like telecommunications, energy, and water, often remaining undetected for long periods. In an interview with The Register, FBI Deputy Assistant Director Cynthia Kaiser explained how Chinese state-backed cyber groups use artificial intelligence at every stage of their attack operations. While she acknowledged that these efforts don't always lead to success, AI enhances the speed and efficiency of their efforts. These digital intruders operate with increasing sophistication and stealth, infiltrating critical sectors such as government, telecommunications, energy, and water, often remaining undetected for extended periods. Recent incidents highlight the scale and persistence of the threat. For instance, the Volt Typhoon group compromised hundreds of outdated routers to create a botnet to infiltrate US infrastructure and set the stage for destructive cyberattacks. Meanwhile, Salt Typhoon breached at least nine US telecommunications companies and government networks last year, and more recently targeted over a thousand internet-facing Cisco devices. Kaiser noted that these groups often gain access through basic methods, frequently targeting outdated or unsupported devices. She added that attackers typically exploit unpatched vulnerabilities to slip into systems, where they tend to operate stealthily once inside. Federal agents who responded to Volt Typhoon intrusions observed how adeptly the attackers moved within internal systems, transitioning from business networks to operational technology. "That's what we saw with Salt Typhoon as well: being able to move laterally and navigate, taking their time to get the access they want," Kaiser said. 
"For us, it's really been business as usual." Despite changes in government and reductions in federal resources, Kaiser maintained that the FBI's approach has not shifted. The agency continues to respond to nation-state actors and financially motivated cybercriminals, who increasingly leverage AI to enhance the speed and scale of their attacks. The FBI closely tracks how artificial intelligence is woven into cyber operations, analyzing which countries are adopting it and how frequently it appears across different stages of the attack process. According to Kaiser, China and cybercriminal groups have shown the broadest use of AI-driven tactics. Cybercriminals now use artificial intelligence to automate tasks such as creating fake business profiles and crafting more convincing spear-phishing messages with large language models. However, Kaiser stressed that attackers remain in the exploratory phase and have not adopted AI for fully automated, end-to-end attacks. In many cases, they use the technology to enhance specific parts of a campaign rather than to build advanced tools like polymorphic malware. The practical impact of AI in cyberattacks is already evident. Once attackers infiltrate a network, AI helps them map it more effectively and identify their next moves. Kaiser also emphasized the importance of strong defenses, stating that companies must block unauthorized access first and restrict attackers' movement within the network. In addition to digital intrusions, AI is enabling new forms of fraud. Kaiser highlighted how deepfake technology allows attackers to deceive employees. For example, an attacker might impersonate a CEO in a familiar messaging app or other trusted setting and ask for a wire transfer or an urgent online meeting. Kaiser emphasized that many people, herself included, might comply without questioning the authenticity of the request. Criminals are exploiting these tactics to defraud businesses of millions. 
Kaiser also stressed the importance of multi-factor authentication, not only for digital systems but also through low-tech methods. "Old-school MFA is having a secret word," Kaiser said.
The FBI reports that Chinese state-backed hackers are increasingly using AI to improve their cyberattacks on US critical infrastructure, making them more efficient and harder to detect.
The FBI has issued a stark warning about the increasing use of artificial intelligence (AI) by Chinese state-sponsored hackers to enhance their cyberattacks on US critical infrastructure. FBI Deputy Assistant Director Cynthia Kaiser highlighted China as the most significant threat, stating that Beijing-backed crews are testing AI at every stage of the attack chain [1].
Chinese hackers are leveraging AI to improve various aspects of their operations:
While these AI applications make attacks more efficient and faster, Kaiser noted that they are not yet being used for fully automated, end-to-end attacks [2].
The FBI's warning comes in the wake of significant cyberattacks attributed to Chinese state-sponsored groups:
Chinese hackers often gain initial access through unsophisticated means, exploiting unpatched vulnerabilities or end-of-life devices. Once inside a network, they operate stealthily, moving laterally from business networks to operational technology [1].
Kaiser emphasized the attackers' ability to remain undetected for extended periods, sometimes years, before discovery [1].
The FBI also warned about the increasing use of deepfake technology in social engineering attacks. Criminals are using AI-generated videos to impersonate executives and trick employees into making fraudulent wire transfers or joining malicious online meetings [1].
To counter these evolving threats, the FBI recommends:
As AI continues to evolve, both attackers and defenders are exploring its potential in the cybersecurity landscape. The FBI remains vigilant, tracking AI adoption across different countries and stages of cyber operations to stay ahead of emerging threats [2].