China-backed Volt Typhoon hackers have infiltrated US critical infrastructure for ‘at least five years’

A coalition of U.S. intelligence agencies warned Wednesday that China-backed hackers have had access to American critical infrastructure for “at least five years,” with the goal of carrying out “destructive” cyberattacks.

In a joint advisory published Wednesday, the NSA, CISA, and FBI said Volt Typhoon, a Chinese state-sponsored hacking group, has been burrowing into the networks of aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage organizations, none of which were named, to pre-position for disruptive or destructive cyberattacks.

The agencies said this marks a “strategic shift” away from the cyber espionage and intelligence collection typical of China-backed hackers, toward positioning to disrupt operational systems in the event of a major conflict or crisis.

Cybersecurity authorities in the UK, Australia, Canada, and New Zealand co-signed the advisory, which came a week after FBI Director Christopher Wray issued a similar warning. At a U.S. House of Representatives committee hearing on Chinese cyber threats, Wray called Volt Typhoon “the defining threat of our generation” and said the group aims to “disrupt our military’s ability to mobilize” in the early stages of a conflict over Taiwan, which China claims as its territory.

According to Wednesday’s technical advisory, Volt Typhoon exploited vulnerabilities in routers, firewalls, and VPN appliances to gain initial access to critical infrastructure across the country. The advisory said the China-backed hackers then used stolen administrator credentials to maintain access to some of these systems for “at least five years.”

The advisory warned that with this level of access, the state-backed hackers could “manipulate heating, ventilation, and air conditioning (HVAC) systems in server rooms or disrupt critical energy and water controls, leading to significant infrastructure failures.” It also noted that Volt Typhoon may have accessed camera surveillance systems at critical infrastructure facilities, though the extent of that access is unclear.

Volt Typhoon relied on living-off-the-land techniques, abusing legitimate tools and features already present on the target systems, to maintain long-term, undetected persistence. To avoid discovery, the group also carried out “extensive pre-compromise reconnaissance.” In some cases, the advisory added, Volt Typhoon appears to have avoided using compromised credentials outside normal business hours, reducing the chance of triggering alerts on anomalous account activity.
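The evasion described above undercuts a common detection: an alert on administrator logons outside business hours never fires if the intruder only works 9-to-5 with a valid credential. The following script is an added example, not code from the advisory or from the article, that runs two rules over a handful of constructed Windows-style logon records (event ID 4624; the host names, account names, and timestamps are invented). The first rule is the naive off-hours check; the second baselines which source hosts each account normally logs on from and flags any first-seen (account, source host) pair regardless of the time of day. The example generalises the point in the text: behaviour that is unusual for the account, rather than unusual for the clock, is what survives an attacker who deliberately keeps office hours.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample log lines (not real telemetry), loosely modelled on the
# fields of Windows security event 4624. Every host and account name here is
# invented for the example.
SAMPLE_LOG = """\
2024-01-02T09:15:00 4624 account=svc-admin src=OPS-WS01 type=10
2024-01-03T09:12:00 4624 account=svc-admin src=OPS-WS01 type=10
2024-01-04T09:20:00 4624 account=svc-admin src=OPS-WS01 type=10
2024-01-05T09:08:00 4624 account=svc-admin src=OPS-WS01 type=10
2024-01-03T02:00:00 4624 account=backup-svc src=BKP-SRV01 type=3
2024-01-04T02:00:00 4624 account=backup-svc src=BKP-SRV01 type=3
2024-01-08T10:42:00 4624 account=svc-admin src=VPN-GW-02 type=3
2024-01-09T14:05:00 4624 account=svc-admin src=VPN-GW-02 type=3
"""

# Assumed learning window: everything before this timestamp is treated as
# known-good baseline; everything after it is evaluated against that baseline.
BASELINE_END = datetime(2024, 1, 6)
BUSINESS_HOURS = (time(8, 0), time(18, 0))


@dataclass(frozen=True)
class Logon:
    ts: datetime
    account: str
    src: str
    logon_type: int  # 10 = RemoteInteractive (RDP), 3 = network logon


def parse_log(text: str) -> list[Logon]:
    """Parse the constructed 'timestamp event_id key=value ...' lines into Logon records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, *fields = line.split()
        if event_id != "4624":  # only successful logons are of interest here
            continue
        kv = dict(f.split("=", 1) for f in fields)
        events.append(Logon(datetime.fromisoformat(ts), kv["account"], kv["src"], int(kv["type"])))
    return events


def off_hours_logons(events: list[Logon]) -> list[Logon]:
    """Naive rule: flag any logon outside business hours.

    An intruder who deliberately uses stolen credentials only during the
    working day never appears in this list; legitimate overnight service
    accounts do, so the rule produces noise without catching the threat.
    """
    start, end = BUSINESS_HOURS
    return [e for e in events if not (start <= e.ts.time() < end)]


def first_seen_pairs(events: list[Logon], baseline_end: datetime) -> list[Logon]:
    """Behavioural rule: flag post-baseline logons from a (account, source host)
    pair never observed during the baseline window, whatever the time of day."""
    seen: dict[str, set[str]] = defaultdict(set)
    for e in events:
        if e.ts < baseline_end:
            seen[e.account].add(e.src)
    return [e for e in events if e.ts >= baseline_end and e.src not in seen[e.account]]


def run() -> dict[str, list[Logon]]:
    """Apply both rules to the constructed sample and return their hits."""
    events = parse_log(SAMPLE_LOG)
    return {
        "off_hours": off_hours_logons(events),
        "first_seen": first_seen_pairs(events, BASELINE_END),
    }


if __name__ == "__main__":
    for rule, hits in run().items():
        print(rule, [(e.ts.isoformat(), e.account, e.src) for e in hits])
```

On the sample, the off-hours rule flags only the legitimate 02:00 backup job, while the first-seen rule flags the two daytime logons of `svc-admin` from the never-before-seen `VPN-GW-02`. In production the baseline would be built from weeks of real 4624 telemetry and keyed on more than the source host (logon type, destination, and source network are natural additions), but the principle is the one the advisory's evasion forces: alert on deviation from the account's own history, not on the wall clock.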

On Wednesday, senior U.S. intelligence officials cautioned that Volt Typhoon is “not the only Chinese state-backed cyber actors carrying out this type of activity,” but did not identify the other groups they are tracking.

Last week, the FBI and Justice Department disrupted Volt Typhoon’s “KV Botnet,” which had infected hundreds of small office and home office routers in the U.S. The FBI said it removed the malware from the compromised routers and severed their connection to the Chinese state-sponsored hackers.

Microsoft said in May 2023 that Volt Typhoon had been targeting and breaching U.S. critical infrastructure since mid-2021.
