
In an interview at the RSA Conference, Cynthia Kaiser, Deputy Assistant Director of the FBI, identified the foremost threat to the United States’ critical infrastructure with a single word: “China.” According to the senior Bureau official, hacker groups operating with Beijing’s backing are actively exploring the capabilities of artificial intelligence across every phase of their cyber operations.
The scale and frequency of Chinese intrusions into American strategic assets no longer surprise cybersecurity professionals. Over the past year, between successive RSAC conferences, several major operations came to light, each bearing the codename “Typhoon.” Chinese cyber-espionage operatives have demonstrated remarkable sophistication and stealth, infiltrating government networks, telecommunications systems, energy facilities, and water infrastructure — often remaining undetected for years.
A striking example is the Volt Typhoon group, which assembled a vast botnet from outdated routers. This network enabled the attackers to gain access to vital U.S. infrastructure targets and, according to investigators, was used throughout 2023 to prepare for potential large-scale cyberattacks. Another China-linked group, known as Salt Typhoon, compromised at least nine American telecommunications firms and government networks last year, and in January launched an attempt to exploit over a thousand Cisco network devices.
Kaiser noted that Chinese agents typically rely on relatively simple intrusion techniques, focusing on outdated equipment and widely known security vulnerabilities. Once initial access is obtained, they operate with extraordinary caution and discretion. FBI agents investigating Volt Typhoon remarked on the hackers’ mastery in navigating internal systems, moving seamlessly through corporate networks toward the core operating systems of critical enterprises. A similar modus operandi was observed in Salt Typhoon’s operations.
Former FBI Director Christopher Wray has repeatedly warned that for every Bureau cybersecurity specialist, there are an estimated 50 Chinese hackers. The situation could worsen with the return of the Trump administration, which is reportedly planning to slash federal budgets and reduce the civil service workforce. Nevertheless, Kaiser assured that recent political shifts have not yet affected the FBI’s operations — the Bureau continues to counter both state-sponsored adversaries and ransomware syndicates.
Particular emphasis is placed on monitoring how threat groups employ artificial intelligence. Today’s neural networks can be applied across a range of tasks — from mass-generating fictitious business profiles to crafting highly convincing phishing emails using advanced language models.
However, the application of intelligent software remains largely confined to the early stages of cyberattacks — reconnaissance and operational planning.
“We’re witnessing adversaries experimenting with AI to understand its potential in varied scenarios. While this could enhance the precision of targeted campaigns, we’ve not yet seen the development of self-modifying malicious code,” Kaiser explained.
AI is also being used to map compromised networks more efficiently and to plan post-breach movement. As such, according to Kaiser, if the first line of defense lies in preventing intrusions, the second must focus on restricting adversaries’ lateral movement within internal systems.
Deepfakes pose a distinct and growing threat. North Korean hackers posing as IT professionals — as well as ordinary cybercriminals — increasingly use fabricated videos to steal funds and confidential information.
“Imagine receiving a call from your CEO through a familiar messaging app. You see him in a recognizable setting, asking for an urgent wire transfer or inviting you to a critical online meeting. Many people — myself included — would comply without hesitation,” Kaiser recounted.
She emphasized that such schemes have already generated millions in illicit gains, making it imperative to implement multi-factor authentication across all platforms. For online services, this may include verification codes or biometric data, while for large financial transactions, the expert recommends a “retro” safeguard — a prearranged code word.