China-Sponsored Hackers Lie in Wait to Attack US Infrastructure

In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as communications, energy, transportation, and water and wastewater systems in the United States and some of its territories, including Guam.
The advanced persistent threat group has hidden in some systems for as long as five years, essentially using the IT systems as the into organizations' operational technologies.
The hackers behind Volt Typhoon do a lot of reconnaissance before launching their attacks, learning as much as possible about the organizations they're targeting and their IT environment and then adapting their tactics accordingly, according to CISA. From there, they work to keep a presence in the systems and continue to collect information about target, even after the initial compromise.
The agencies are urging IT and OT administrators at critical infrastructure organizations to hunt through their systems for indications of Volt Typhoon's presence and to root it out if found.
They laid out mitigation guidelines that could be followed, both in the advisory and in previous releases about LOTL techniques.
The warning about Volt Typhoon - which also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite, and Insidious Taurus - comes fewer than two weeks after the U.S. Justice Department said it had taken down a botnet comprising hundreds of Cisco and Netgear routers for home and small offices that was being used by the threat group.
The DOJ said Volt Typhoon had been using the KV Botnet to conceal it's the China origins of its malicious activities against the United States.
CISA had issued an advisory in May 2023 about Volt Typhoon targeting such networking gear as part of its LOTL efforts.
At the time that the DOJ announced the takedown of the KV Botnet, Toby Lewis, global head of threat analysis at cybersecurity vendor Darktrace, said the operation likely disrupted Volt Typhoon's infrastructure, but noted that the hackers were still free.
That said, researchers with Lumen Technologies' Black Lotus Labs group wrote this week that the KV Botnet is still out of action, though they warned that there still is a large number of out-of-date and end-of-life edge devices on the internet that no longer get patches but are still in service.
CISA's advisory also comes as U.S. government officials continue to warn about the ongoing cyberthreat from the Chinese government.
Wray, whose given lawmaker similar warnings at other hearings, said that not enough public attention has been paid to the effort by Chinese hackers to target U.S. critical infrastructure and the risks those efforts post to American citizens.
The office added that China likely has the capabilities to launch cyberattacks against critical infrastructure like oil and gas pipelines and rail systems in the United States.
Volt Typhoon isn't the only China-sponsored group looking to work their way into networking gear to move into organizations' environments.
Government agencies in both the United States and Japan last year said the BlackTech group was manipulating gear from Cisco and possibly other vendors to maintain a presence in the networks of U.S. and East Asian multinational companies.


This Cyber News was published on securityboulevard.com. Publication date: Thu, 08 Feb 2024 18:43:04 +0000


Cyber News related to China-Sponsored Hackers Lie in Wait to Attack US Infrastructure

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
9 months ago Securityboulevard.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
9 months ago Cysecurity.news
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
1 year ago Securityweek.com
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
11 months ago Go.theregister.com
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
11 months ago Reuters.com
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
9 months ago Darkreading.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
1 year ago Securityweek.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
9 months ago Darkreading.com
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
6 months ago Theregister.com
A top-secret Chinese spy satellite just launched on a supersized rocket - China's largest rocket apparently wasn't big enough to launch the country's newest spy satellite, so engineers gave the rocket an upgrade. The Long March 5 launcher flew with a payload fairing some 20 feet taller than its usual nose cone when it took ...
11 months ago Packetstormsecurity.com
'Volt Typhoon' hackers target US critical infrastructure - Background Hackers allegedly connected to the People's Liberation Army in China are responsible for a series of recent attacks on critical infrastructure in the USA, according to a report first published in the Washington Post. The attacks on tens of ...
11 months ago Pandasecurity.com
Attacks on critical infrastructure are harbingers of war: Are we prepared? - Recent attacks on several water authorities, such as Aliquippa and St. Johns River, are putting a new spotlight on the need to protect critical infrastructure. In war, to bring a nation to its knees, attacks against power and water inflict the most ...
10 months ago Scmagazine.com
China Backed Actors are Employing Generative AI to Breach US infrastructure - Cybercriminals of all skill levels are utilising AI to hone their skills, but security experts warn that AI is also helping to track them down. At a workshop at Fordham University, National Security Agency head of cybersecurity Rob Joyce stated that ...
10 months ago Cysecurity.news
Big China Spy Balloon Moving East Over US, Pentagon Says - The Pentagon said at midday Friday that a Chinese spy balloon had moved eastward and was over the central United States, and that the U.S. rejected China's claims that it was not being used for surveillance. Gen. Pat Ryder, Pentagon press secretary, ...
1 year ago Securityweek.com
US House 'Asks Intel, Nvidia, Micron CEOs' To Testify On China - US House of Representatives China committee asks chief executives of Intel, Nvidia, Micron to testify as international tensions mount. The chief executives of Intel, Nvidia and Micron have been asked to testify before the US House of Representatives' ...
10 months ago Silicon.co.uk
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
1 month ago Cyberdefensemagazine.com
Opening Statement by CISA Director Jen Easterly - Chairman Gallagher, Ranking Member Krishnamoorthi, Members of the Committee, thank you for the opportunity to testify on CISA's efforts to protect the Nation from the preeminent cyber threat posed by the People's Republic of China. As America's ...
9 months ago Cisa.gov
China Investigating Alleged Use of Surveillance Balloon in US - China declared on Friday that it is looking into reports that a Chinese spy balloon has been flying in U.S. airspace and asked for people to remain calm. The Foreign Ministry spokesperson Mao Ning also said that China has no intention of infringing ...
1 year ago Securityweek.com
Beijing fosters foreign influencers to spread its propaganda The Register - China is offering foreign influencers access to its vast market in return for content that sings its praises and helps to spreads Beijing's desired narratives more widely around the world, according to think tank the Australian Strategic Policy ...
11 months ago Theregister.com
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
11 months ago Darkreading.com
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations - Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a ...
11 months ago Thehackernews.com
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
1 month ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)