November 5, 2024 at 09:37PM
Chinese government-backed hackers, Volt Typhoon, breached Singapore Telecommunications in June, marking a test for future attacks on U.S. telecoms. This is part of broader cyber intrusions targeting critical infrastructure globally, with another group, Salt Typhoon, also reportedly compromising U.S. telecoms. China denies these accusations.
**Meeting Takeaways:**
1. **Volt Typhoon Cyber Breach**:
   - The Chinese government-backed cyber group Volt Typhoon reportedly breached Singapore Telecommunications (Singtel) over the summer as part of ongoing attacks on critical infrastructure.
   - The breach was discovered in June and is seen as a “test run” for potential future hacks targeting US telecommunications companies.
2. **Broader Cybersecurity Concerns**:
   - In February, multiple governments, including the US, Canada, UK, Australia, and New Zealand, warned of Volt Typhoon compromising various critical infrastructure organizations’ IT networks globally, resulting in disruptive or destructive cyberattacks.
   - Volt Typhoon’s operations indicate pre-positioning in IT networks aimed at enabling disruptions to operational technology (OT) assets rather than traditional espionage.
3. **Salt Typhoon Group Activities**:
   - A separate Chinese-backed group, Salt Typhoon, was found to have breached US telecom companies, including Verizon, AT&T, and Lumen Technologies.
   - These breaches also involved targeting phones associated with US political figures, including Kamala Harris and Donald Trump.
4. **China’s Denial**:
   - China has denied allegations of cyber espionage and the existence of Volt Typhoon.
5. **Singtel Response**:
   - Singtel did not comment on the Volt Typhoon allegations but acknowledged the situation, citing sources that report Volt Typhoon utilized a web shell for the breach.
6. **Malware and Vulnerabilities**:
   - Volt Typhoon reportedly exploited a vulnerability (CVE-2024-39717) in Versa SD-WAN technology to deploy web shells for credential harvesting.
   - Ongoing attacks are believed to target unpatched Versa Director systems, as noted by Lumen Technologies’ Black Lotus Labs.
**Action Items**:
- Monitor further developments regarding Volt Typhoon and Salt Typhoon activities.
- Consider enhancing cybersecurity measures for IT and OT networks against similar breaches.
- Stay updated on government advisories concerning state-sponsored cyber threats.