The hacker group Volt Typhoon spent more than five years in the networks of critical US organizations.

The Chinese cyber espionage group Volt Typhoon (also known as Bronze Silhouette, DEV-0391, Insidious Taurus, and Vanguard Panda) has infiltrated the networks of critical infrastructure entities in the United States. According to a joint statement from CISA, NSA, FBI, and other agencies within the Five Eyes alliance (comprising intelligence agencies from Australia, Canada, New Zealand, the United States, and the United Kingdom), hackers maintained access and remained undetected for at least five years.

Volt Typhoon is known for relying heavily on “living off the land” (LOTL) techniques, that is, abusing legitimate built-in tools and administrative utilities rather than deploying custom malware, in its attacks on critical infrastructure organizations. The group also uses stolen credentials and operates with considerable caution, which lets it evade detection and keep a foothold in compromised systems for extended periods.

Recent disclosures by US government agencies indicate that Volt Typhoon maintained access and footholds in some victims’ IT environments for at least five years. According to the statement, Volt Typhoon operators conduct extensive reconnaissance before exploitation to gather information about the target organization and its environment. They then adapt their tactics to that environment, devote resources to maintaining access, and continue studying the target environment for a long time after the initial compromise.

The Chinese group is reported to have successfully breached the networks of numerous critical infrastructure organizations across the United States, primarily in the communications, energy, transportation, water supply, and wastewater sectors. The names of the affected organizations have not been disclosed.

This access would have allowed the hackers to cause a range of disruptions, such as manipulating heating, ventilation, and air conditioning (HVAC) systems in server rooms or interfering with critical energy and water management systems, potentially leading to significant infrastructure outages. It is also reported that in some cases the threat actors may have gained access to video surveillance systems at critical sites, although it is unclear whether they succeeded.

The goals and tactics of the threat actors differ from those of typical cyber espionage activity, leading the authorities to assess with high confidence that the ultimate objective was the disruption of critical infrastructure rather than espionage. US authorities also fear that Volt Typhoon could use its access to critical networks to inflict devastating damage on critical infrastructure, especially in times of geopolitical tension.

It’s worth recalling that the Chinese hacker group has been attacking and breaching critical infrastructure in the USA since at least mid-2021, according to a Microsoft report published in 2023. During these attacks, hackers utilized a botnet consisting of hundreds of SOHO routers and other devices scattered across the USA to conceal malicious activity and evade detection.

Recently, the FBI announced that it had dismantled this botnet back in December 2023 and removed the Volt Typhoon malware from the compromised devices. According to cybersecurity experts, the hackers are currently attempting, so far without success, to rebuild the disrupted infrastructure.
