February 14, 2024 at 04:05PM
The Chinese government’s Volt Typhoon spy team has compromised a US city’s emergency services network and is targeting American telecom providers, alongside ongoing reconnaissance of electric companies. Dragos CEO Robert Lee expressed concern over the strategic nature of the targets. The espionage extends to African electric providers, and the spies have long-term access to IT networks, posing significant security risks.
From the meeting notes, it’s clear that the Chinese government’s Volt Typhoon spy team has been actively targeting and compromising critical infrastructure and digital networks in both the US and Africa. Their focus on strategic targets such as telecommunications, electric power generation and distribution, and emergency management services poses a significant threat to national security and infrastructure. The infiltration of US networks includes not only reconnaissance and data theft but also explicit attempts to access operational technology networks, highlighting the seriousness of the situation.
The report from industrial cybersecurity firm Dragos provides a comprehensive overview of Volt Typhoon’s activities, which include instances of compromise in Guam, US emergency management organizations, and African electric transmission and distribution providers, as well as evidence of overlap with other threat activity clusters. The attackers have been found to have compromised various devices and software, using a combination of exploits, living-off-the-land techniques, and stolen credentials to gain access and move laterally within networks.
Overall, the meeting notes highlight the urgency of addressing these security breaches and implementing robust measures to safeguard critical infrastructure against further infiltration and potential disruptive attacks.