Executive Summary
CISA, NSA, FBI, and international partners recently issued an urgent advisory. The advisory states that the Chinese state-sponsored threat actor Volt Typhoon targeted U.S. systems for five years, aiming to destabilize critical infrastructure sectors. Using techniques such as “living off the land” (abusing legitimate, built-in system tools rather than custom malware), they maintained covert access, which makes detection difficult for defenders.
Undoubtedly, state-sponsored attacks are increasing. These attacks are characterized by their sophisticated techniques, substantial resources, and long-term operations driven by political, military, or economic motives. Given this persistent threat, it is crucial to develop strong defense strategies and raise awareness to successfully mitigate risks.
What Happened
Recently, CISA issued an urgent advisory about a critical cybersecurity threat in collaboration with NSA, FBI, and international partners. The advisory disclosed that Chinese state-sponsored hackers, known as Volt Typhoon, targeted critical infrastructure in the U.S. for at least five years.
Their intentions were to carry out destabilizing cyberattacks on critical infrastructure, including aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage organizations. The breadth of these targets underscores the gravity of the threat and the potential consequences of successful cyberattacks on critical infrastructure.
On the other hand, Chinese embassy spokesperson Liu Pengyu previously denied the hacking attempts. Additionally, he turned the accusations against the U.S., encouraging the American intelligence community to stop “irresponsible criticism” against Beijing.
About Volt Typhoon
Volt Typhoon, a state-sponsored hacker group from China, has been active for five years. They target U.S. infrastructure, focusing on sectors like aviation and water. Their approach marks a shift from espionage to preparing for cyberattacks amid conflicts, especially over Taiwan.
This group exploits vulnerabilities in routers and VPNs for initial access. They use stolen credentials to maintain this access over time. With such access, they could manipulate systems like HVAC or control energy and water supplies.
Microsoft notes Volt Typhoon’s focus on credential access and network discovery. They operate stealthily across sectors such as utilities and transportation. Their tactics include using legitimate system tools to avoid detection.
The threat of Volt Typhoon is significant, especially regarding critical communications infrastructure. They use a botnet for broader attacks, controlling compromised devices worldwide.
Concerns
The advisory highlighted the hackers’ utilization of the “living off the land” technique to maintain covert access within systems, evading detection. This method allows the hackers to operate secretly within compromised networks.
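The defensive counterpart to “living off the land” is auditing how legitimate tools are invoked rather than looking for malware signatures. The following added example (written for this article; it is not code from the original page or from CISA, NSA or FBI) scores constructed Windows Security Event ID 4688 process-creation records, which require command-line auditing to be enabled, against a small watchlist of built-in administration binaries, suspicious argument patterns, and an allow-list of parent processes. The watchlist, patterns, expected parents and sample events are all assumptions chosen for illustration, not indicators published in the advisory.

```python
"""Toy living-off-the-land (LOTL) detector for Windows process-creation events.

Added example for this article; it is not code from the original page or from
CISA/NSA/FBI. It scans constructed records shaped like Windows Security Event
ID 4688 (process creation, with command-line auditing enabled) and scores the
use of built-in administration tools that LOTL tradecraft tends to rely on.
The watchlist, argument patterns and sample events are assumptions chosen for
illustration, not indicators taken from the advisory.
"""
import json
import re
from dataclasses import dataclass, field

# Built-in Windows binaries worth watching (assumed watchlist for this example).
LOTL_BINARIES = {
    "ntdsutil.exe": "Active Directory database tooling",
    "netsh.exe": "network configuration",
    "wmic.exe": "WMI command-line client",
    "powershell.exe": "PowerShell host",
    "vssadmin.exe": "volume shadow copy administration",
}

# Command-line fragments that make a watchlisted binary more interesting.
SUSPICIOUS_ARGS = [
    (re.compile(r"\bifm\b", re.I), "ntdsutil IFM media creation (AD database export)"),
    (re.compile(r"\bportproxy\b", re.I), "netsh port proxy (traffic relay)"),
    (re.compile(r"-enc(odedcommand)?\b", re.I), "encoded PowerShell command"),
    (re.compile(r"\bcreate\s+shadow\b", re.I), "volume shadow copy creation"),
    (re.compile(r"\bprocess\b.*\bcall\b.*\bcreate\b", re.I), "WMI process creation"),
]

# Parents that routinely launch these tools for legitimate automation (assumed).
EXPECTED_PARENTS = {"services.exe", "svchost.exe", "msiexec.exe"}
ALERT_THRESHOLD = 3


@dataclass
class Alert:
    user: str
    binary: str
    parent: str
    score: int
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev: dict) -> tuple:
    """Score one 4688-style record; binaries outside the watchlist score 0."""
    if ev.get("EventID") != 4688:
        return 0, []
    binary = _basename(ev.get("NewProcessName", ""))
    if binary not in LOTL_BINARIES:
        return 0, []
    score, reasons = 1, [f"watchlisted binary {binary} ({LOTL_BINARIES[binary]})"]
    cmdline = ev.get("CommandLine", "")
    for pattern, label in SUSPICIOUS_ARGS:
        if pattern.search(cmdline):
            score += 2
            reasons.append(label)
    parent = _basename(ev.get("ParentProcessName", ""))
    if parent not in EXPECTED_PARENTS:
        score += 1
        reasons.append(f"unexpected parent {parent or '<unknown>'}")
    return score, reasons


def detect(jsonl: str, threshold: int = ALERT_THRESHOLD) -> list:
    """Parse JSON-lines events and return alerts scoring at or above threshold."""
    alerts = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append(Alert(
                user=ev.get("SubjectUserName", "?"),
                binary=_basename(ev.get("NewProcessName", "")),
                parent=_basename(ev.get("ParentProcessName", "")),
                score=score,
                reasons=reasons,
            ))
    return alerts


# Constructed sample events (not real telemetry); one JSON object per line.
SAMPLE_EVENTS = r'''
{"EventID": 4688, "SubjectUserName": "svc-backup", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe", "NewProcessName": "C:\\Windows\\System32\\ntdsutil.exe", "CommandLine": "ntdsutil \"ac i ntds\" ifm \"create full C:\\Windows\\Temp\\out\" q q"}
{"EventID": 4688, "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe", "NewProcessName": "C:\\Windows\\System32\\netsh.exe", "CommandLine": "netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=443"}
{"EventID": 4688, "SubjectUserName": "SYSTEM", "ParentProcessName": "C:\\Windows\\System32\\services.exe", "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -File C:\\Scripts\\inventory.ps1"}
{"EventID": 4688, "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\explorer.exe", "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.txt"}
{"EventID": 4688, "SubjectUserName": "jdoe", "ParentProcessName": "C:\\Windows\\System32\\cmd.exe", "NewProcessName": "C:\\Windows\\System32\\vssadmin.exe", "CommandLine": "vssadmin create shadow /for=C:"}
'''

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert.score}] {alert.user}: {alert.parent} -> {alert.binary}")
        for reason in alert.reasons:
            print(f"    - {reason}")
```

Run against the constructed sample, the scheduled PowerShell inventory script launched by services.exe scores 1 and stays below the threshold, while the three interactive invocations from cmd.exe score 4 and are reported. The point of the scoring rather than a plain block-list is that every binary on the watchlist is legitimately used by administrators; the signal comes from the combination of tool, arguments and launch context, which is exactly what a baseline of normal administrative activity lets a defender tune.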
Furthermore, the hackers’ objective seems to involve pre-positioning for potential destructive cyberattacks, marking a strategic shift from traditional espionage tactics.
“Our evidence strongly suggests that the PRC actors are pre-positioning to launch future disruptive or destructive cyber attacks that could cause impact to national security, economic security or public health and safety,” Eric Goldstein, the CISA Executive Assistant Director, informed reporters.
FBI Director Christopher Wray emphasized the seriousness of the situation. He stated that the Volt Typhoon malware enabled China to target critical sectors such as communications, energy, transportation, and water. Director Wray also highlighted the potential real-world threat to the physical safety of the US posed by the pre-positioning activities of these hackers. Also, he reiterated the determination of the FBI to take decisive action against this threat.
Closing Comments
State-sponsored threat actors pose significant risks to national security, critical infrastructure, businesses, and even individuals. We are witnessing an increasing number of state-sponsored attacks. Some recent victims from the business world include Microsoft and HPE.
These actors, supported by national governments, have objectives ranging from espionage and financial gain to disruption and sabotage. They’re known for their sophisticated techniques, significant resources, and long-term operations, often with political, military, or economic motives.
State-backed threat actors represent a significant challenge due to their sophisticated capabilities and substantial resources. Hence, governments and organizations must understand the risks they pose and implement a comprehensive set of countermeasures to protect their critical assets and information.