CISA Releases Guidance For Critical Infrastructure To Defend Against Chinese Hacking Group
CISA, together with other U.S. agencies including the NSA and FBI and partner cyber security agencies from the Five Eyes, has warned critical infrastructure leaders to defend their systems against the Chinese state-sponsored hacking group Volt Typhoon.
Volt Typhoon (also tracked as Vanguard Panda, Bronze Silhouette, DEV-0391, UNC3236, Voltzite and Insidious Taurus) is a Chinese state-sponsored cyber group that has compromised, and continues to compromise, western critical infrastructure in order to pre-position itself for destructive cyberattacks.
Its targets include aviation, water, energy, transportation, ports, internet service providers, communications services and utilities.
The CISA fact sheet, PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders, warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon and provides guidance on specific actions to prioritize the protection of their organization from this threat activity.
- Volt Typhoon gains initial access by exploiting vulnerabilities in small-office/home-office and end-of-life routers, firewalls and virtual private networks (VPNs), often using valid administrator credentials and stolen passwords, or by taking advantage of outdated equipment that no longer receives security updates.
- Once inside, it relies on “living off the land” techniques: rather than introducing new (and more easily detected) malware files, the actors use tools and features already present in the target operating system, so their activity blends in with legitimate administration. The fact sheet identifies this as a key weakness in U.S. digital infrastructure, because most defences are built to spot foreign binaries rather than misuse of built-in ones.
- The actors also conduct “extensive pre-compromise reconnaissance” to avoid detection. For example, in some instances Volt Typhoon actors may have abstained from using compromised credentials outside of normal working hours so as not to trigger alerts on abnormal account activity. A consequence for defenders is that time-of-day rules alone are not enough; detections need to baseline which hosts and tools an account normally uses, not just when it is active.
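As an added example (not part of the CISA fact sheet or of any guidance it cites), the following Python script shows the two detections the last two points call for: flagging built-in Windows tools when their arguments or parent process look wrong, and flagging credential use from an unfamiliar host even when it happens during working hours. The process and logon records are constructed; the tool names, argument markers, expected-parent list and the 08:00 to 18:00 working window are assumptions chosen for illustration, not indicators published on this page.

```python
"""Added example: living-off-the-land and in-hours credential-misuse detection
over constructed Sysmon/Windows-Security-style records. Tool and argument
lists are assumptions, not indicators from the CISA fact sheet."""
from collections import defaultdict
from datetime import datetime

# Assumed: built-in binaries plus the command-line fragments that turn
# routine use into something worth investigating.
SUSPICIOUS_BUILTINS = {
    "ntdsutil.exe": ("ifm", "ntds"),                    # AD database export
    "netsh.exe": ("portproxy",),                        # internal port forwarding
    "wmic.exe": ("shadowcopy", "process call create"),  # credential/remote exec
    "vssadmin.exe": ("create shadow",),
}
# Assumed: parents that launch these tools during legitimate administration.
# A web-server worker (w3wp.exe) spawning them is not normal.
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe", "services.exe"}


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def lotl_alerts(process_events):
    """Flag process-creation events where a tracked built-in is run with
    suspicious arguments or is spawned by an unexpected parent."""
    alerts = []
    for ev in process_events:
        image = basename(ev["image"])
        markers = SUSPICIOUS_BUILTINS.get(image)
        if markers is None:
            continue                                    # not a tool we track
        cmd = ev["command_line"].lower()
        reasons = []
        hits = [m for m in markers if m in cmd]
        if hits:
            reasons.append("argument markers: " + ", ".join(hits))
        parent = basename(ev["parent_image"])
        if parent not in EXPECTED_PARENTS:
            reasons.append("unexpected parent: " + parent)
        if reasons:
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "image": image, "reasons": reasons})
    return alerts


def build_logon_baseline(historical_logons):
    """Map each account to the set of source hosts it has logged on from."""
    baseline = defaultdict(set)
    for rec in historical_logons:
        baseline[rec["user"]].add(rec["src_host"])
    return baseline


def credential_anomalies(logons, baseline, work_start=8, work_end=18):
    """Flag logons outside working hours OR from a host the account has never
    used. The second check is what catches an actor who deliberately keeps
    to business hours."""
    alerts = []
    for rec in logons:
        when = datetime.fromisoformat(rec["time"])
        reasons = []
        if not work_start <= when.hour < work_end:
            reasons.append("off-hours logon at " + when.strftime("%H:%M"))
        if rec["src_host"] not in baseline.get(rec["user"], set()):
            reasons.append("unfamiliar source host " + rec["src_host"])
        if reasons:
            alerts.append({"user": rec["user"], "src_host": rec["src_host"],
                           "reasons": reasons})
    return alerts


# Constructed sample records (not real telemetry).
PROCESS_EVENTS = [
    {"host": "DC01", "user": "CORP\\admin", "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "command_line": 'ntdsutil "ac i ntds" ifm "create full C:\\temp\\x" q q'},
    {"host": "WS07", "user": "CORP\\jdoe", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\netsh.exe", "command_line": "netsh wlan show profiles"},
    {"host": "WEB01", "user": "IIS APPPOOL\\DefaultAppPool",
     "parent_image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "image": "C:\\Windows\\System32\\netsh.exe",
     "command_line": "netsh interface portproxy add v4tov4 listenport=9999 "
                     "connectaddress=10.0.0.5 connectport=3389"},
    {"host": "WS07", "user": "CORP\\jdoe", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe", "command_line": "notepad"},
]
HISTORICAL_LOGONS = [
    {"user": "CORP\\svc_backup", "src_host": "BKP01", "time": "2024-02-01T02:00:00"},
    {"user": "CORP\\svc_backup", "src_host": "BKP01", "time": "2024-02-02T02:00:00"},
    {"user": "CORP\\admin", "src_host": "ADMIN-JUMP01", "time": "2024-02-02T09:30:00"},
]
NEW_LOGONS = [
    {"user": "CORP\\svc_backup", "src_host": "BKP01", "time": "2024-02-07T11:02:00"},
    {"user": "CORP\\svc_backup", "src_host": "FW-EDGE01", "time": "2024-02-07T10:15:00"},
    {"user": "CORP\\admin", "src_host": "ADMIN-JUMP01", "time": "2024-02-07T03:10:00"},
]

if __name__ == "__main__":
    for a in lotl_alerts(PROCESS_EVENTS):
        print("LOTL", a)
    for a in credential_anomalies(NEW_LOGONS, build_logon_baseline(HISTORICAL_LOGONS)):
        print("CRED", a)
```

Run as-is, the script reports the ntdsutil export and the web-server-spawned portproxy as LOTL alerts, ignores the benign `netsh wlan` call, and flags the 10:15 logon from the unfamiliar host FW-EDGE01 alongside the 03:10 off-hours logon. The second of those is the one a working-hours-only rule would miss, which is the point of the reconnaissance behaviour described above.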
CISA and its partners strongly urge leaders of critical infrastructure organizations to read the guidance in the joint fact sheet and act on it. For more information on Volt Typhoon activity, see the joint advisory PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure and the supplemental Joint Guidance: Identifying and Mitigating Living off the Land Techniques.