China’s Volt Typhoon APT burrows deeper into U.S. critical infrastructure

The US military was reckoning with two major cyber concerns over the weekend — one the widespread and still unresolved Chinese campaign known as Volt Typhoon targeting military bases, and the other an insider breach affecting Air Force and FBI communications.

Biden administration officials have confirmed that Volt Typhoon’s malware is much more endemic than previously thought; responders have found it planted inside numerous networks controlling the communications, power, and water feeding US military bases at home and abroad, according to The New York Times.

Also concerning, those same networks also touch run of the mill businesses and individuals as well — and investigators are having a hard time assessing the full footprint of the infestation.

Meanwhile, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a wholly separate cyber intrusion — in this case, a communications compromise affecting 17 Air Force facilities, and possibly the FBI as well, courtesy of an Air Force engineer.

Chinese Malware a ‘Ticking Time Bomb’ Inside Critical US Networks

The Chinese state-aligned advanced persistent threat (APT) behind Volt Typhoon, aka “Vanguard Panda,” came to attention after Microsoft observed Chinese cyber activity in Guam, the site of a US military base strategically significant to the defense of Taiwan against Chinese aggression. Microsoft posited at the time “that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

That case, disclosed in May, has turned out to be just one small part of a much broader campaign, and the aim towards being in place to carry out destruction now seems increasingly likely as a motivation; sources told the Times that the attackers are in a position to handicap military response and supply chains for materiel should a kinetic conflict kick off.

“More than a dozen US officials and industry experts said in interviews over the past two months that the Chinese effort goes far beyond telecommunications systems and predated the May report by at least a year,” the New York Times reported July 29, with one congressman pithily labeling the campaign “a ticking time bomb.”

Further, the Times reported that “There is a debate inside the administration over whether the goal of the operation is primarily aimed at disrupting the military, or at civilian life more broadly in the event of a conflict.”

Austin Berglas, a former FBI Cyber Division special agent, now global head of professional services at BlueVoyant, isn’t surprised that China is buried inside of the US’s most critical networks.

To read the complete article, visit Dark Reading.