It's not just Volt Typhoon lurking in critical US orgs' IT (The Register)

Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said.
American officials said China's cyberspies were able to avoid detection and snoop around those networks, in some cases for up to five years.
There is a fear that President Xi has instructed agents to sneak into America's key civil systems and lie in wait to steal data and trigger disruption to vital services and supply lines as needed.
The Chinese snoops were seeking access to, and information about, organizations' operational technology (OT), either to position themselves for future cyberattacks or to gain vital information about these OT systems for such attacks, she added.
Last week, the FBI said it obtained search warrants and issued a remote kill command to wipe Volt Typhoon's botnet after the gang infected hundreds of end-of-life routers with backdoor malware to break into critical infrastructure networks.
She declined to identify the other Beijing-backed gangs that have been found burrowing into US critical infrastructure.
In the Feds' Wednesday warning, officials emphasized the importance of identity management for critical infrastructure owners and operators.
This includes implementing phishing-resistant multi-factor authentication.
This is especially concerning given Volt Typhoon's interest in OT systems, according to John Hultquist, chief analyst at Google Cloud's Mandiant Intelligence.
Presumably the concept of infiltrating and backdooring foreign critical infrastructure just in case has not escaped the bright minds at the Pentagon either.


This Cyber News was published on go.theregister.com. Publication date: Wed, 07 Feb 2024 23:13:14 +0000

