China’s Volt Typhoon In Critical Networks for 5 Years
U.S. intelligence agencies say that China is shifting tactics. Or, maybe just adding new ones.
The NSA, CISA and FBI said, in a joint advisory, that China-backed hackers have maintained access inside U.S. critical infrastructure sectors such as aviation, rail, mass transit, highways, maritime, pipelines, water and sewage, positioning themselves to launch a catastrophic attack at a time of their choosing. By already being inside these networks, they would be able to launch attacks at a moment’s notice.
This list is far more extensive than any the FBI or other agencies have previously acknowledged.
While they are not naming names, we know that they were inside the Guam power grid and multiple water treatment systems.
They say that this marks a shift in strategy from merely stealing intellectual property to being able to damage our critical infrastructure. We saw what happened when Colonial Pipeline shut down. That was only one small piece of critical infrastructure. Imagine what happens if you multiply that. And the Colonial Pipeline hackers didn’t even damage the infrastructure itself.
The advisory didn’t just come from the U.S. We were joined by the United Kingdom, Australia, Canada and New Zealand. This follows FBI director Wray telling Congress that this is “THE DEFINING THREAT OF OUR GENERATION”.
China has been using a variety of methods to establish a beachhead, including stolen credentials and the exploitation of bugs in routers, firewalls and VPNs.
Volt Typhoon has been using “living off the land” techniques to make itself harder to detect. Harder is not impossible, however.
The intelligence community had one other word of caution. Volt Typhoon is only one actor doing this – there are others.
Credit: Tech Crunch