A cyberthreat group called Volt Typhoon is being sponsored by the Chinese government to disrupt critical infrastructure sectors such as communications, utilities, energy and transportation in the continental and non-continental U.S., according to a new cybersecurity advisory.
The warning was issued Wednesday by the Cybersecurity and Infrastructure Security Agency in partnership with NSA, FBI and similar departments from the governments of the United Kingdom, Australia, Canada and New Zealand.
Volt Typhoon relies on “living off the land” techniques: it carries out its hacking and reconnaissance using the legitimate, native tools and processes of critical infrastructure entities. The group designs its malicious tactics, techniques and procedures to blend into the organization’s environment while compromising its systems.
The U.S. and allied agencies accompanied the joint advisory with guidance to detect Volt Typhoon’s activities, including deploying patches for internet-facing software and appliances easily exploited by the cyber actor.
“The PRC cyber threat is not theoretical: leveraging information from our government and industry partners, CISA teams have found and eradicated Volt Typhoon intrusions into critical infrastructure across multiple sectors. And what we’ve found to date is likely the tip of the iceberg,” CISA Director Jen Easterly commented. “We strongly encourage all critical infrastructure organizations to review and implement the actions in these advisories and report any suspected Volt Typhoon or living off the land activity to CISA or FBI,” the Wash100 winner added.