A joint advisory from CISA, NSA, FBI, and Five Eyes partner agencies discloses the infiltration of a US critical infrastructure network by the Chinese Volt Typhoon cyber-espionage group, which remained undetected for at least five years. According to the authoring agencies, the group relied on living off the land (LOTL) techniques and stolen accounts to evade detection and maintain long-term persistence on compromised systems. Targeting sectors including communications, energy, transportation, and water/wastewater, Volt Typhoon’s tactics diverge from typical cyber espionage, indicating an intent to disrupt critical infrastructure, particularly operational technology (OT) assets.
Urgent warnings from US authorities highlight the potential for Volt Typhoon to exploit access to critical networks during military conflicts or geopolitical tensions, posing significant threats to national security. Rob Joyce, NSA’s Director of Cybersecurity, underscores ongoing efforts to understand and mitigate Volt Typhoon’s scope, bolstering defenses against such intrusions and collaborating with partner agencies to counter Chinese cyber actors.