October 25, 2023 at 12:16PM
Chinese hacking group Volt Typhoon has shifted its focus to targeting critical infrastructure installations, according to Mandiant Intelligence’s John Hultquist. The group, previously known for economic espionage and IP theft, has been conducting deliberate, long-term infiltration attempts below the radar. Experts have raised concerns, with Microsoft noting the potential for disruption of critical communications infrastructure between the US and Asia. Defenders are urged to prioritize patching and mitigations for vulnerable devices, since Volt Typhoon relies on botnets for command and control and makes minimal use of malware.
Key takeaways from the meeting notes:
1. Chinese government-backed hacking team, Volt Typhoon, is actively targeting critical infrastructure installations in Guam and the United States.
2. This represents a significant shift for Chinese hacking teams, which have been primarily known for economic espionage and IP theft.
3. The Volt Typhoon campaign has been found in telecommunications, logistics, power, and water sectors, indicating a deliberate, long-term attempt to infiltrate critical infrastructure.
4. The NSA believes they may be preparing for a disruptive event in the event of a wartime scenario.
5. Volt Typhoon’s operational security is strong, using botnets and zero-day vulnerabilities to stay below the radar.
6. Defenders should prioritize patching and mitigations for internet-facing edge devices and network routers, which are major entry points for high-end attackers.
7. The Middle East situation, particularly potential responses from Iran, should also be monitored.
8. SecurityWeek’s ICS Cybersecurity Conference sessions can be watched via live stream or on demand.