China’s Cyberattackers Maneuver to Disrupt US Critical Infrastructure

February 7, 2024 at 06:20PM

CISA’s report reveals that the China-backed Volt Typhoon APT is targeting critical infrastructure, pivoting to operational technology networks. Concerns arise over potential disruption in the event of geopolitical tensions. The APT has remained undetected in US infrastructure for five years, using legitimate accounts and LOTL techniques. It also targets Australian, UK, Canadian, and New Zealand assets.

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a report detailing the activities of the China-backed Volt Typhoon advanced persistent threat (APT). The report outlines how Volt Typhoon is consistently targeting highly sensitive critical infrastructure and has recently pivoted to operational technology (OT) networks. This shift toward OT corroborates ongoing suspicions that the group aims to disrupt physical operations in energy, water utilities, communications, and transportation, potentially causing panic and discord in the event of a kinetic conflict between the US and China.

The report also warns that Volt Typhoon could use its network access to cause disruptive effects during geopolitical tensions or a military conflict. It states that the APT has been pre-positioning itself on IT networks to enable lateral movement to OT assets in order to disrupt functions, and that it has maintained undetected access to US infrastructure for the past five years.

Furthermore, the CISA report broadens the risk to include not only the US, but also its partners’ infrastructure in Australia, the UK, Canada, and New Zealand. The report underscores the APT’s reliance on living off the land (LOTL) techniques to evade detection for long periods of time.

Volt Typhoon's strategy of staying hidden by using legitimate, built-in utilities and blending in with normal administrative traffic is not new intrusion tradecraft, but it makes the activity hard for targets to detect: there is no malware to find, so defenders have to recognise legitimate tools being used in illegitimate ways.
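Because the tradecraft described above is built on tools that already exist on the host, detection has to key on how a tool is invoked and by whom, not on its presence. The following Python script is an added example written for this summary; it is not code from the article or from CISA. It scans constructed process-creation records (the pipe-delimited log format, the four indicator rules and the per-account rarity heuristic are illustrative assumptions, not indicators taken from the advisory) and flags command lines where a built-in binary is used in a way typical of credential theft, port forwarding, remote execution or obfuscated scripting, then marks whether that account is otherwise seen running the tool at all.

```python
"""Flag living-off-the-land (LOTL) command lines in process-creation logs.

Added illustrative example. The log format, the indicator rules and the
sample records below are constructed assumptions, not data or rules from
the CISA advisory on Volt Typhoon.
"""
import re
from collections import Counter
from typing import NamedTuple

# Constructed records mimicking process-creation events:
# time|host|user|image path|command line
SAMPLE_LOG = """\
2024-02-01T03:12:44Z|DC01|svc_backup|C:\\Windows\\System32\\ntdsutil.exe|ntdsutil "ac i ntds" "ifm" "create full C:\\Temp\\x" q q
2024-02-01T03:14:02Z|WEB01|jsmith|C:\\Windows\\System32\\netsh.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.10.5.7 connectport=8443
2024-02-01T03:15:10Z|WEB01|jsmith|C:\\Windows\\System32\\netsh.exe|netsh interface show interface
2024-02-01T03:16:33Z|FS02|svc_backup|C:\\Windows\\System32\\wbem\\wmic.exe|wmic /node:10.10.5.21 process call create "cmd /c whoami"
2024-02-01T03:20:01Z|FS02|jsmith|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA
2024-02-01T03:21:45Z|WS17|adoe|C:\\Windows\\System32\\cmd.exe|cmd /c dir
"""


class Rule(NamedTuple):
    name: str
    image: str            # executable basename, lower-case
    pattern: re.Pattern   # matched against the full command line
    why: str


# Illustrative rules: each pairs a legitimate binary with an argument
# pattern that an ordinary administrator rarely types.
RULES = [
    Rule("ntds-dump", "ntdsutil.exe", re.compile(r"\bifm\b|ac\s+i\s+ntds", re.I),
         "ntdsutil snapshot of the AD database (credential theft)"),
    Rule("portproxy-pivot", "netsh.exe", re.compile(r"portproxy\s+add", re.I),
         "netsh port forwarding set up on a host (lateral-movement relay)"),
    Rule("wmic-remote-exec", "wmic.exe", re.compile(r"/node:\S+.*process\s+call\s+create", re.I),
         "wmic process creation on a remote host"),
    Rule("ps-encoded", "powershell.exe",
         re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
         "PowerShell launched with an encoded command"),
]


class Event(NamedTuple):
    time: str
    host: str
    user: str
    image: str
    cmdline: str


def parse(log: str) -> list[Event]:
    """Split the constructed log into events; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        fields = line.split("|", 4)
        if len(fields) != 5:
            continue  # never let one bad record abort the whole scan
        events.append(Event(*fields))
    return events


def basename(path: str) -> str:
    """Lower-case file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def match_rules(ev: Event) -> list[Rule]:
    image = basename(ev.image)
    return [r for r in RULES if r.image == image and r.pattern.search(ev.cmdline)]


def scan(log: str, min_user_sightings: int = 2) -> list[dict]:
    """Return rule hits, each tagged with whether this (user, tool) pair is
    rare in the log. A LOTL hit from an account that otherwise never runs
    the tool is higher-signal than the same hit from a regular admin."""
    events = parse(log)
    usage = Counter((e.user, basename(e.image)) for e in events)
    findings = []
    for ev in events:
        for rule in match_rules(ev):
            findings.append({
                "time": ev.time, "host": ev.host, "user": ev.user,
                "rule": rule.name, "why": rule.why,
                "rare_for_user": usage[(ev.user, basename(ev.image))] < min_user_sightings,
                "cmdline": ev.cmdline,
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "RARE " if f["rare_for_user"] else "     "
        print(f"{flag}{f['time']} {f['host']:5} {f['user']:10} {f['rule']:18} {f['cmdline'][:60]}")
```

Run against the constructed records, the scan flags the ntdsutil snapshot, the netsh portproxy rule, the remote wmic process creation and the encoded PowerShell launch, while the benign `netsh interface show interface` and `cmd /c dir` pass. The portproxy hit is not marked rare because the same account also runs netsh for routine work; that distinction is the point, since pure binary-name matching against LOTL tools produces noise that the attacker is counting on.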

In summary, the report highlights the significant and ongoing threat posed by Volt Typhoon's activities, and the need for heightened vigilance and proactive measures to counter this APT's operations.
