Chinese Volt Typhoon hackers were able to infiltrate US critical infrastructure systems for years


A major Chinese state-sponsored threat actor was lurking on the networks of critical US infrastructure firms for years, a newly released advisory has claimed.

The advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, the FBI, and Five Eyes partner agencies, claims the group, known as Volt Typhoon, compromised and then dwelled on the networks of multiple critical infrastructure organizations in the country for at least five years.

They were able to do that by living off the land (LOTL), relying on tools and features already present on the victim systems rather than custom malware, and by using stolen accounts, the agencies said.

Positioning for action

“In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” the statement said.


Another hallmark of Volt Typhoon’s approach to cyber-espionage is “extensive pre-exploitation reconnaissance”, which helps the threat actor learn a great deal about the target organizations and their environments. With this knowledge, the group tailors its tactics, techniques and procedures (TTPs) and allocates the appropriate resources to the campaign.

Of all the compromised organizations, most are in the communications, energy, transportation, and water/wastewater sectors.

The goal of this campaign was not just to monitor activity and steal sensitive information – the group was also positioning itself for disruptive action, should the need arise. According to the advisory, if the conflict between the US and China were to escalate, the group would be well placed to disrupt its adversary’s critical infrastructure.


“This is something we have been addressing for a long time,” Rob Joyce, NSA’s Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS), told BleepingComputer.

“We have gotten better at all aspects of this, from understanding Volt Typhoon’s scope, to identifying the compromises likely to impact critical infrastructure systems, to hardening targets against these intrusions, to working together with partner agencies to combat PRC cyber actors.”
