Joint Advisory Issues Warning About Volt Typhoon
Heads up. A joint cybersecurity advisory issued by the US today states that Volt Typhoon has infiltrated critical infrastructure networks and maintained access in some of them for at least five years. This link is a TL;DR of that joint advisory. It largely echoes an analysis Microsoft published almost a year ago.
Ken Westin, Field CISO, Panther Labs had this comment:
The methods being utilized by Volt Typhoon, although not new, should be cause for concern given their intent and targets. Unlike ransomware operators whose goal is to get in and cause damage quickly, this nation-state operator is leveraging valid accounts and “living off the land” techniques to evade detection for long periods of time. These methods allow the group to monitor their targets and provide a foothold to cause kinetic damage — damage that can affect equipment and pose a physical threat to critical infrastructure. By targeting energy, water, communications and transportation infrastructure, it is apparent that Volt Typhoon is seeking to disrupt operations of critical infrastructure to cause panic, discord and distract leadership and the public. Many of the OT environments being targeted are notorious for running outdated software, either out of negligence or out of necessity where the systems cannot be updated, which increases the risk posed by this threat.
This is another one of those wake-up calls that everyone needs to heed. The PRC, which is behind Volt Typhoon, is serious about getting into these networks, staying there undetected and being positioned to disrupt them. That makes keeping them out, and finding them if they are already in, a top priority.
UPDATE: Damir J. Brescic, CISO, Inversion6 adds this comment:
This development represents a significant escalation of something warned about last year — it underscores the sophisticated capabilities of APT (Advanced Persistent Threat) groups.
Volt Typhoon is known for targeting critical infrastructures, government facilities, and the manufacturing sector. Oh, did I mention that they are a Chinese-sponsored hacking group?
The group's operations demonstrate a deep understanding of network defense and evasion techniques that allow them to remain undetected for extended periods of time. Their TTPs (Tactics, Techniques, and Procedures) point to the technical expertise and resources typically found in state-sponsored APT groups.
Their presence is a warning call, highlighting the need for proactive cybersecurity measures, continuous monitoring and sharing of information among various stakeholders. I believe Volt Typhoon poses a significant risk to critical infrastructure networks – underscoring the need for robust cybersecurity measures across industries and government partners.
This entry was posted on February 7, 2024 at 2:51 pm and is filed under Commentary with tags Security.