According to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies, the Chinese state-sponsored cyberespionage group Volt Typhoon compromised U.S. critical infrastructure networks and maintained access for at least five years before being discovered.
What We Know So Far
The group is known for relying heavily on ‘living off the land’ (LOTL) techniques, abusing built-in administrative tools already present on the target's systems rather than deploying custom malware, in its attacks on critical infrastructure organizations.
To evade detection and persist on compromised networks, it also combines strong operational security with the use of valid, stolen accounts, so its activity blends in with legitimate administration.
In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years… Volt Typhoon actors conduct extensive pre-exploitation reconnaissance to learn about the target organization and its environment; tailor their tactics, techniques, and procedures (TTPs) to the victim’s environment; and dedicate ongoing resources to maintaining persistence and understanding the target environment over time, even after initial compromise.
CISA on the Volt Typhoon Situation (Source)
The Chinese threat group primarily targets the energy, transportation, water/wastewater, and communications sectors, but it has also successfully infiltrated the networks of other critical infrastructure organizations in the United States.
The authoring agencies assess with high confidence that the group is positioning itself inside IT networks from which it can reach Operational Technology (OT) assets, with the ultimate goal of disrupting critical infrastructure; its choice of targets and its tactics deviate from what is typical of cyberespionage activity.
Volt Typhoon actors are seeking to pre-position themselves—using living off the land (LOTL) techniques—on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
CISA
Rob Joyce, NSA's Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS), said the agencies have been working on this problem for a long time. According to him, they have improved in every aspect of it: understanding the scope of the Chinese group's activity, identifying the compromises most likely to affect infrastructure systems, hardening targets against these intrusions, and working with partner agencies to counter them.
How to Detect Volt Typhoon
Alongside the advisory, the agencies published a technical guide on identifying and mitigating LOTL techniques. It describes how to detect the methods Volt Typhoon uses and determine whether they were used to compromise your organization's network, and it lists mitigations that harden environments against attackers who rely on LOTL techniques.
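The guide itself is not reproduced here, but the central difficulty it addresses is that LOTL activity uses legitimate, signed binaries that cannot simply be blocklisted, so detection has to rest on context: which account runs which built-in tool on which host, compared against a baseline of normal behaviour. The following example, written for this article and not taken from the advisory or the CISA/NSA guide, shows that idea in Python over constructed process-creation records. The pipe-delimited field layout, the `LOTL_BINARIES` list, and the sample log lines are all assumptions made for the demonstration, not data from any real incident.

```python
# Added example (not from the Volt Typhoon advisory or the CISA/NSA LOTL guide):
# a minimal baseline-deviation detector for living-off-the-land activity.
# Assumptions: process-creation records are pipe-delimited as
# ts|host|user|parent_image|image|command_line; the tool list below is an
# illustrative subset; every log line here is constructed for the demo.
from collections import defaultdict

# Built-in Windows tools frequently abused because they are already present
# on the target (assumed list; a real deployment would tune this per estate).
LOTL_BINARIES = {
    "ntdsutil.exe", "wmic.exe", "netsh.exe", "reg.exe",
    "powershell.exe", "vssadmin.exe", "schtasks.exe",
}

# Constructed "known-good" period used to learn who normally runs what, where.
BASELINE_LOG = """\
2023-09-01T08:02:11|DC01|svc-backup|services.exe|vssadmin.exe|vssadmin list shadows
2023-09-01T09:15:40|WS17|jdoe|explorer.exe|powershell.exe|powershell -File report.ps1
2023-09-02T08:03:09|DC01|svc-backup|services.exe|vssadmin.exe|vssadmin list shadows
2023-09-02T14:22:01|WS17|jdoe|explorer.exe|notepad.exe|notepad.exe notes.txt
2023-09-03T10:40:55|FS02|admin-ops|cmd.exe|netsh.exe|netsh advfirewall show allprofiles
"""

# Constructed records from a later window that the detector is run against.
NEW_LOG = """\
2024-01-15T03:12:44|DC01|jdoe|cmd.exe|ntdsutil.exe|ntdsutil ifm
2024-01-15T03:14:02|DC01|svc-backup|services.exe|vssadmin.exe|vssadmin list shadows
2024-01-15T03:20:19|WS17|jdoe|explorer.exe|powershell.exe|powershell -File report.ps1
2024-01-15T03:25:51|FS02|jdoe|cmd.exe|netsh.exe|netsh interface portproxy show all
2024-01-15T11:00:00|WS17|jdoe|explorer.exe|reg.exe|reg query HKLM\\SOFTWARE
"""

FIELDS = ("ts", "host", "user", "parent", "image", "cmdline")


def parse_log(text):
    """Parse pipe-delimited records into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on at most 5 pipes so a '|' inside the command line survives.
        parts = line.split("|", len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            continue
        ev = dict(zip(FIELDS, parts))
        ev["image"] = ev["image"].lower()
        events.append(ev)
    return events


def build_baseline(events):
    """The baseline is simply the set of (host, user, image) triples seen."""
    return {(e["host"], e["user"], e["image"]) for e in events}


def detect_new_lotl_contexts(baseline, events, lotl=LOTL_BINARIES):
    """Rule 1: a built-in tool run by an account on a host where that
    combination never appeared during the baseline period."""
    return [
        e for e in events
        if e["image"] in lotl and (e["host"], e["user"], e["image"]) not in baseline
    ]


def account_spread(baseline_events, new_events, lotl=LOTL_BINARIES):
    """Rule 2: accounts whose LOTL tool usage has spread to hosts they never
    used before; returns {user: sorted list of new hosts} for affected users."""
    seen = defaultdict(set)
    for e in baseline_events:
        if e["image"] in lotl:
            seen[e["user"]].add(e["host"])
    spread = defaultdict(set)
    for e in new_events:
        if e["image"] in lotl and e["host"] not in seen[e["user"]]:
            spread[e["user"]].add(e["host"])
    return {user: sorted(hosts) for user, hosts in spread.items() if hosts}


if __name__ == "__main__":
    base_events = parse_log(BASELINE_LOG)
    new_events = parse_log(NEW_LOG)
    baseline = build_baseline(base_events)
    for a in detect_new_lotl_contexts(baseline, new_events):
        print(f"[new LOTL context] {a['ts']} {a['host']} {a['user']} "
              f"{a['image']} :: {a['cmdline']}")
    for user, hosts in account_spread(base_events, new_events).items():
        print(f"[account spread] {user} ran LOTL tooling on new hosts: {', '.join(hosts)}")
```

The first rule fires on three of the five new records: the domain controller and file server activity by an account that only ever ran tools on its own workstation, but also an ordinary registry query on that workstation, which is the noise a bare baseline rule produces. The second rule is what makes the result actionable: one valid account suddenly running built-in tooling on hosts it never touched is exactly the footprint a stolen but legitimate credential leaves, which is why the account-spread signal, and a baseline long enough to cover routine administrative work, matter more than any list of "bad" binaries.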
According to a May 2023 report, the group, also tracked as Bronze Silhouette, has been targeting and infiltrating U.S. critical infrastructure since at least mid-2021.