A state-affiliated cyber espionage group from the People’s Republic of China, known as Volt Typhoon, has systematically infiltrated various U.S. critical infrastructure sectors, preparing for potential crises in times of conflict. The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings to these sectors regarding the threat, highlighting the risk to essential services in communication, energy, transportation, and water systems across the U.S. and its territories.
Advanced Techniques for Prolonged Covert Access
Volt Typhoon has adeptly utilized advanced techniques to elude detection and maintain long-term access to compromised environments. The group relies on legitimate user accounts and ‘living off the land’ strategies, using the victim’s own systems and built-in administrative tools to conduct its operations rather than introducing custom malware. This method helps the group stay under the radar while retaining persistent access to sensitive networks.
Five Years of Undetected Operations
Investigations reveal that Volt Typhoon has been operating undetected within some U.S. IT environments for a minimum of five years. The group has conducted extensive reconnaissance to familiarize itself with the networks it targets, enabling it to tailor its tactics and ensure long-term persistence within these systems.
Once embedded, Volt Typhoon focuses on obtaining administrative credentials, often exploiting vulnerabilities in network appliances to gain initial access. The group leverages these credentials to compromise entire domains, including the ability to reach operational technology (OT) assets critical to the infrastructure’s functioning.
CISA’s security advisory provides comprehensive details on Volt Typhoon’s tactics, techniques, and procedures. It also offers guidance on mitigations, indicators of compromise, and further information to help organizations protect against such sophisticated cyber threats.
The implications of these revelations are significant, emphasizing the need for heightened cybersecurity vigilance among critical infrastructure providers in the U.S. and reinforcing the importance of international cooperation in combating state-sponsored cyber espionage activities.