Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Chinese Volt Typhoon hackers were able to infiltrate US critical infrastructure systems for years

A computer being guarded by cybersecurity.

A major Chinese state-sponsored threat actor was lurking on the networks of critical US infrastructure firms for years, a newly released advisory has claimed.

The advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, the FBI, and Five Eyes agencies, claims the group, known as Volt Typhoon, compromised, and then dwelled on networks of multiple critical infrastructure organizations in the country for at least five years.

They were able to do that by living off the land (LOTL) and using stolen accounts, the organizations said.

Positioning for action

"In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years," the statement said.

Another hallmark of Volt Typhoon’s approach to cyber-espionage is “extensive pre-exploitation reconnaissance”, which helps the threat actor learn much about the target organizations and their environment. With this knowledge, the group tweaks their tactics, techniques and procedures (TTP) and allocates proper resources to the campaign. 

Of all the compromised organizations, most are in communications, energy, transportation, and water/wastewater industries. 

The goal of this campaign wasn’t just to monitor the activities and steal sensitive information - the group was also positioning for disruptive action, if need be. According to the advisory, should the conflict between the US and China escalate, the group would be properly positioned to disrupt their adversary’s critical infrastructure. 

"This is something we have been addressing for a long time," Rob Joyce, NSA's Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS) told BleepingComputer.

"We have gotten better at all aspects of this, from understanding Volt Typhoon's scope, to identifying the compromises likely to impact critical infrastructure systems, to hardening targets against these intrusions, to working together with partner agencies to combat PRC cyber actors."

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.