January 31, 2024 at 12:17PM
Volt Typhoon, a Chinese-government-backed cyberespionage group, has been targeting US energy, satellite, and telecommunications systems, according to security firm Dragos’ CEO Robert Lee. The group’s tactics, which include a slow and strategic approach, have raised concerns about potential disruptions to critical infrastructure. Lee also highlighted the threat posed by the Pipedream malware and its potential proliferation to criminal actors.
During the meeting, Robert Lee, CEO of security company Dragos, reported that the Chinese government-backed cyber espionage group known as Volt Typhoon has been targeting US energy, satellite, and telecommunication systems. Dragos has been responding to Volt Typhoon activities for about a year and a half and has been involved in incident responses and using intelligence and capabilities to track the group’s activities.
Lee mentioned that Volt Typhoon specifically targeted strategic sites such as US energy systems, satellite, and telecommunication networks, and played a “low and slow game” by consistently choosing industrial targets. Additionally, he discussed a specific malware called Pipedream, which is an industrial control system (ICS) specific malware that can interact with and disrupt critical industrial equipment from multiple vendors.
It was noted that US government agencies have warned about the risk to certain industrial devices from vendors like Schneider Electric and Omron Electronics. Despite the emergence of Pipedream, Dragos does not believe it has been used in a critical infrastructure attack to date.
Lee expressed concerns about the potential proliferation of similar destructive capabilities to criminal actors, as well as the possibility of nations like Russia and China using these tools during times of war. He drew parallels to the rise in ransomware gangs utilizing off-the-shelf offensive security tools like Cobalt Strike, indicating that similar leaked destructive capabilities could become widespread and easily accessible to criminal groups in the future.
Overall, it appears that the meeting focused on the evolving threat posed by Volt Typhoon, the specific capabilities and targeting strategies of the group, and the potential implications of the proliferation of destructive cyber tools to both nation-state actors and profit-motivated criminal groups.