According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five years before being identified.
The Chinese threat group is known for extensively using 'living off the land' techniques in their attacks targeting critical infrastructure organizations.
To evade detection and continue to exist over time on infiltrated networks, they additionally use robust operational security and stolen accounts.
The U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years Volt Typhoon actors conduct extensive pre-exploitation reconnaissance to learn about the target organization and its environment; tailor their tactics, techniques, and procedures to the victim's environment; and dedicate ongoing resources to maintaining persistence and understanding the target environment over time, even after initial compromise.
The Chinese threat group primarily targets the energy, transportation, water/wastewater, and communications sectors, but it has also successfully infiltrated the networks of other critical infrastructure organizations in the United States.
Authorities concluded with high confidence that the group aims to position itself within networks that give them access to Operational Technology assets with the ultimate goal of disrupting critical infrastructure, as its targets and tactics also deviate from typical cyberespionage activities.
Volt Typhoon actors are seeking to pre-position themselves-using living off the land techniques-on IT networks for disruptive or destructive cyber activity against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.
CISA. Rob Joyce, NSA's Directory of Cybersecurity and Deputy National Manager for NSS said that they've been addressing the issue for a long time already.
According to him, they've gotten better at all aspects of this, from understanding the scope of the Chinese threat group, to identifying the compromises likely to impact the infrastructure systems, to even hardening targets against these intrusions and working together with partner agencies to combat them.
The organizations shared a technical guide on how to detect Volt Typhoon techniques and if they were used to compromise your organization's network.
It also contains mitigation measures to secure them against attackers using LOTL techniques.
According to a May 2023 report, the Chinese threat group, also known as Bronze Silhouette, has been targeting and infiltrating U.S. critical infrastructure since at least mid-2021.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you'll actually want to read directly in your inbox.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape.
His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
This Cyber News was published on heimdalsecurity.com. Publication date: Fri, 09 Feb 2024 17:13:06 +0000