Volt Typhoon: A Chinese Cyberwar Threat to Critical US Infrastructure
By: Craig Kennedy

On Tuesday, October 24, at the ICS Cybersecurity Conference in Atlanta, the spotlight was focused once again on Volt Typhoon, a Chinese government-backed hacking group that targets critical operational infrastructure.
In the keynote fireside chat, John Hultquist, Chief Analyst at Mandiant Intelligence, warned that this Volt Typhoon activity is a “deliberate, long-term attempt to infiltrate a lot of critical infrastructure in a way that stays below the radar.”
What is Critical Infrastructure?
Critical infrastructure refers to the physical and virtual assets that are essential for the functioning of a society and economy, such as energy, water, transportation, communications, health, and defense. These sectors are often the targets of malicious cyber actors who seek to disrupt, damage, or steal sensitive information or resources.
Volt Typhoon Identified Back in May
Microsoft initially identified and nicknamed the group Volt Typhoon back in May, when it found the group stealthily stealing data from critical infrastructure organizations in Guam. Guam is a US territory strategically located in the Pacific, and it would be a critical asset in any future US-China conflict in the region.
Active Since Mid-2021
Microsoft assessed that the infiltration by Volt Typhoon had been active since mid-2021 and was designed to lie in wait, ready to disrupt communication infrastructure between the US and Asia in a future conflict. Microsoft noted its stealthy behavior in targeting systems, performing network discovery, and compromising credentials, all while focusing on staying under the radar.
US Infrastructure Compromised
Hultquist noted that Volt Typhoon was “all over the United States. They are clearly dug in, and we’re going to have to root them out.” This is highly concerning and will require a concerted effort on the part of operational infrastructure organizations to identify and eradicate the compromised systems and devices within the infrastructure.
We have seen over the last several years, with the highly visible attacks on Colonial Pipeline, JBS Foods, and Johnson Controls, that such attacks can have wide-sweeping impacts on the economy.
Bottom Line
All enterprises, and especially those involved in critical infrastructure, need to prioritize patching of all internet-facing edge devices and routers, implement secure multi-factor authentication for access to all resources, and immediately disable external HTTP and SSH management access to these devices. Patching needs to cover everything, including firmware, operating systems, hypervisors, containers, and applications, across all devices and systems.
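As an added example (not code from the original post or from Aragon Research), the following Python script turns the three recommendations above into an audit that can be run over an edge-device inventory: it flags HTTP or SSH management reachable from the internet, management access without MFA enforced, and any patch layer (firmware, OS, and so on) that is missing or older than a threshold. The inventory data model, the device names, and the 30-day patch-age limit are assumptions chosen for illustration; the sample devices are constructed, not real.

```python
"""Audit a constructed inventory of internet-facing edge devices against three
hardening recommendations: no external HTTP/SSH management, MFA enforced on
management access, and current patches on every layer.

The data model below is hypothetical and not tied to any vendor's API."""
from dataclasses import dataclass
from datetime import date

# Assumption: a layer not patched within this many days is reported as stale.
PATCH_AGE_LIMIT_DAYS = 30
# Assumption: every device must at least report firmware and OS patch dates.
REQUIRED_LAYERS = ("firmware", "os")
# Management services whose exposure to the internet is checked.
MGMT_SERVICES = ("http", "ssh")


@dataclass
class Device:
    name: str
    role: str                 # e.g. "router", "vpn-gateway", "firewall"
    mgmt_services: dict       # service name -> "external" | "internal" | "disabled"
    mfa_enforced: bool        # MFA required on every management path
    patch_dates: dict         # layer name -> date of last applied patch


def audit_device(dev: Device, today: date) -> list:
    """Return a list of human-readable findings for one device (empty = clean)."""
    findings = []
    # 1. Management plane must not be reachable from the internet.
    for svc in MGMT_SERVICES:
        if dev.mgmt_services.get(svc) == "external":
            findings.append(f"{dev.name}: {svc.upper()} management reachable from the internet")
    # 2. MFA must be enforced on management access.
    if not dev.mfa_enforced:
        findings.append(f"{dev.name}: MFA not enforced on management access")
    # 3a. Every required layer must have a patch record at all.
    for layer in REQUIRED_LAYERS:
        if layer not in dev.patch_dates:
            findings.append(f"{dev.name}: no {layer} patch record")
    # 3b. Every recorded layer must have been patched recently.
    for layer, last in dev.patch_dates.items():
        age = (today - last).days
        if age > PATCH_AGE_LIMIT_DAYS:
            findings.append(f"{dev.name}: {layer} last patched {age} days ago")
    return findings


def audit_inventory(devices: list, today: date) -> list:
    """Flatten the findings for a whole inventory, preserving device order."""
    return [f for dev in devices for f in audit_device(dev, today)]


# Constructed sample inventory; names, roles and dates are made up.
SAMPLE_DEVICES = [
    Device("edge-router-1", "router",
           {"http": "external", "ssh": "internal"}, mfa_enforced=False,
           patch_dates={"firmware": date(2023, 6, 1), "os": date(2023, 10, 10)}),
    Device("vpn-gw-1", "vpn-gateway",
           {"http": "disabled", "ssh": "external"}, mfa_enforced=True,
           patch_dates={"firmware": date(2023, 10, 1), "os": date(2023, 10, 15)}),
    Device("core-fw-1", "firewall",
           {"http": "internal", "ssh": "internal"}, mfa_enforced=True,
           patch_dates={"firmware": date(2023, 10, 20), "os": date(2023, 10, 18)}),
    Device("hv-host-1", "hypervisor",
           {"http": "internal", "ssh": "internal"}, mfa_enforced=True,
           patch_dates={"os": date(2023, 10, 20), "hypervisor": date(2023, 10, 21)}),
]


if __name__ == "__main__":
    # Audit date chosen to match the conference date mentioned in the post.
    for finding in audit_inventory(SAMPLE_DEVICES, date(2023, 10, 24)):
        print(finding)
```

Running the script lists five findings: the exposed HTTP and SSH management interfaces, the router without MFA, the router's firmware that has not been patched in months, and the hypervisor host with no firmware patch record; only the firewall comes back clean. In practice the `Device` records would be populated from a CMDB or device export rather than hand-written.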