CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

The FBI and Cybersecurity and Infrastructure Security Agency confirmed the state-sponsored threat actor Volt Typhoon compromised the IT environments of multiple critical infrastructure providers in the U.S.

Donny Jackson, Editor

February 11, 2024


The FBI and Cybersecurity and Infrastructure Security Agency confirmed the state-sponsored threat actor Volt Typhoon compromised the IT environments of multiple critical infrastructure providers in the U.S. The group and other China state-linked actors are operating a broad campaign to sow panic and disruption in preparation for a possible military attack in the Asia-Pacific region.

The agencies, together with key international partners, issued a detailed advisory warning that the threat group has already embedded itself inside the systems of numerous transportation, energy, communications, and water and wastewater providers, using so-called living-off-the-land techniques that are designed to hide malicious activity by relying on tools already present in the victim environment.

The threat actors plan to unleash destructive cyberattacks that could cause massive disruption in these key industries, and distract the U.S. from responding to military action, including a possible China-led invasion of Taiwan.

“Our evidence strongly suggests that the PRC actors are prepositioning to launch future disruptive or destructive cyberattacks that could cause impact to national security, economic security or public health and safety,” Eric Goldstein, executive assistant director for cybersecurity at CISA, said Wednesday during a media briefing.

The U.S. agencies found evidence of Volt Typhoon and other actors using living-off-the-land techniques, including masking their activities by embedding themselves in commonly used small office/home office (SOHO) routers and other networking equipment, an approach the actors have relied on for the last five years.

The U.S. disclosed last week a court-ordered operation to disrupt a network of hundreds of privately owned SOHO routers that were infected with KV Botnet malware, which was used to conduct espionage operations against other organizations without the router owners' knowledge. The botnet targeted end-of-life Cisco and Netgear routers that were no longer actively serviced by their manufacturers.

The threat activity is aimed at critical infrastructure organizations in the U.S. and territories including Guam, with potential spillover effects into Canada. Cyber officials in Australia and New Zealand are preparing for similar threat activity against their critical sectors.

The attacks represent a significant shift in tactics for China-affiliated groups, which have traditionally focused on espionage and intellectual property theft from U.S. companies.

Other China-affiliated actors are engaged in similar threat activity against critical infrastructure, according to Cynthia Kaiser, deputy assistant director for the cybersecurity division at the FBI.

To read the complete article, visit Utility Dive.

About the Author

Donny Jackson

Editor, Urgent Communications

Donny Jackson is director of content for Urgent Communications. Before joining UC in 2003, he covered telecommunications for four years as a freelance writer and as news editor for Telephony magazine. Prior to that, he worked for suburban newspapers in the Dallas area, serving as editor-in-chief for the Irving News and the Las Colinas Business News.
