February 7, 2024 at 02:19PM
The US government confirmed that China’s Volt Typhoon hackers compromised critical infrastructure IT networks, preparing for disruptive cyberattacks in the US and its territories. The group targeted communication, energy, transportation, and water systems. Twelve government agencies, including CISA, NSA, and FBI, warned of potential disruptive attacks and provided mitigation actions for network owners and operators.
From the meeting notes, it is clear that there is a significant cybersecurity threat posed by Chinese state-sponsored hackers, specifically the “Volt Typhoon” group, targeting critical infrastructure organizations in the US and potentially other countries. The threat is assessed to be high, with potential for disruptive or destructive cyberattacks in the event of geopolitical tensions or military conflicts.
The group’s choice of targets and behavior indicate a departure from traditional cyber espionage, and there is high confidence that they are positioning themselves on IT networks to disrupt functions. The 12 government agencies, including CISA, NSA, FBI, and others, are collaborating to address and mitigate this threat.
In response to the threat, the governments have issued technical details on the observed tactics, techniques, and procedures (TTPs) used by the hackers, together with detection recommendations and best practices. Owners and operators of critical infrastructure are urged to take three immediate actions to mitigate the threat:
1. Apply patches for internet-facing systems, prioritizing appliances that Volt Typhoon is known to exploit.
2. Implement phishing-resistant multi-factor authentication (MFA) to enhance security.
3. Ensure that application, access, and security logging is turned on, and store these logs in a centralized system.
The potential impact of disrupted US facilities on Canada and the vulnerability of Australian and New Zealand critical infrastructure have also been highlighted, emphasizing the need for a coordinated and swift response to address this threat.