China’s Volt Typhoon Hackers Were ‘Pre-Positioning’ Cyberattacks against Critical US Infrastructure for Five Years
The cybersecurity landscape has been rocked by revelations regarding the clandestine activities of Volt Typhoon, a Chinese state-sponsored hacking group. According to a recent advisory from the US Cybersecurity and Infrastructure Security Agency (CISA), Volt Typhoon has infiltrated numerous critical infrastructure organizations within the United States and its territories, including Guam.
Unlike traditional cyber espionage tactics, Volt Typhoon's operations appear to be focused on pre-positioning themselves within IT networks, potentially paving the way for disruptive actions targeting operational technology (OT) assets.
CISA's advisory underscores the seriousness of the situation, urging defenders to proactively search for and eliminate malware artifacts left behind by the hackers. The agency has also provided detailed technical guidance to bolster defenses against such threats. Of particular concern is the revelation that Volt Typhoon actors have maintained access to some victim networks for up to five years, raising fears of potential disruptive actions during times of geopolitical tension or military conflict.
The urgency of the situation has been further heightened by recent actions taken by the US Justice Department to dismantle a botnet utilized by Volt Typhoon for covert communications. This botnet, composed of end-of-life Cisco and Netgear routers, served as a conduit for malicious activities and underscored the group's capabilities to operate stealthily within targeted networks.
John Hultquist, Chief Analyst at Mandiant Intelligence – Google Cloud, highlighted the gravity of the situation, emphasizing Volt Typhoon's focus on infiltrating and gathering information from operational technology systems. Such systems, which are integral to the functioning of critical infrastructure, could potentially be manipulated to cause widespread disruptions or even dangerous conditions.
These developments serve as a stark reminder of the evolving nature of cyber threats and the need for robust cybersecurity measures to safeguard critical infrastructure from sophisticated adversaries like Volt Typhoon.