AI helps catch Chinese Hackers

12360567483?profile=RESIZE_400xArtificial intelligence and machine learning technologies are helping the National Security Agency (NSA) and other US government agencies detect malicious Chinese cyber activity; a top US intelligence official stated recently that indicates how US security agencies are using AI to improve computer defenses.

Speaking on 09 January 2024 at the International Conference on Cyber Security at Fordham University, Rob Joyce, the director of the NSA Cybersecurity Directorate, said that AI is helping his agency detect Chinese operations targeting U.S. critical infrastructure that might evade traditional defensive measures.[1]


US intelligence officials have warned in recent months that Chinese hacking groups are increasingly targeting power generation systems, ports, and other critical infrastructure entities by using methods that analysts refer to as “living off the land,” the use of tools, software, and privileges already present on networks to achieve various objectives.  Malware that would typically trip detection software or tools is never employed, making it much harder to detect.

Joyce explained that recent Chinese operations do not rely on traditional or known malware that might be quickly flagged based on signatures. Instead, the hackers take advantage of architecture implementation flaws, misconfigurations, or default passwords to get into networks and create accounts or users that appear to be legitimate, which are then used to move around the networks or perform activities that typical users don’t normally do.

AI tools are helping the NSA catch these operations. “Machine learning, AI, and big data help us surface those activities,” Joyce said because the models are better at detecting anomalous behavior of supposedly legitimate users.  Recent advances in AI and machine learning have raised concerns among researchers and security officials that they might provide an advantage to offensive cyber operations. Still, Joyce said Tuesday that he’s encouraged by the defensive dividends offered by the technology.

“You’re going to see that on both sides, people that use AI/ML will do better,” Joyce said. Joyce, his colleagues at the NSA, and other agencies have been warning for months that China is aggressively targeting US critical infrastructure in troubling ways.  The US government and Microsoft revealed in May 2023 that Chinese-linked operations were targeting critical infrastructure entities in the US and Guam as part of a campaign tracked as Volt Typhoon.

“They’re not there for intelligence.  They’re not there for financial motivation.  They’re in places like electric, transportation, and ports, trying to hack in to cause societal disruption and panic at a time and place of their choosing,” Joyce stated.

In November 2023, Morgan Adamski, the director of the NSA’s Cybersecurity Collaboration Center, told a crowd of industry analysts and researchers at the CYBERWARCON conference that China was penetrating critical infrastructure and waiting “for the best time to exploit these networks.”  In a call to action, Adamski urged the researchers to look for anomalous behavior beyond known malware in their networks and emphasized how serious the situation is.

“The threat is extremely sophisticated and pervasive,” she reported. “It is not easy to find.  It is pre-positioning to burrow into critical networks for the long haul quietly.  The fact that these actors are in critical infrastructure is unacceptable, and it is something that we are taking very seriously, something that we are concerned about.”


This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Call for assistance.  For questions, comments, a demo, or assistance, please get in touch with the office directly at 1-844-492-7225, or   




Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings



E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!