TLDR:
- Hackers backed by China are infiltrating US companies’ networks and pre-positioning themselves to carry out destructive cyber attacks on critical infrastructure.
- The hackers are specifically targeting the network and IT administrators who hold privileged access to those systems.
——————-
Hackers backed by China are infiltrating the networks of US companies and positioning themselves to launch destructive cyber attacks on critical infrastructure. The National Security Agency (NSA), the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning about a Chinese state-backed group known as Volt Typhoon, which has compromised multiple critical infrastructure organizations in the US. In some cases the hackers have maintained access to these networks for at least five years. The agencies assess that the group is pre-positioning itself for a potential geopolitical crisis or military conflict between the US and China, with the goal of disrupting operations across critical infrastructure sectors.

The hackers conduct extensive reconnaissance on their targets before an intrusion, including researching the key network and IT administrators who hold privileged access. They also target the personal email accounts of those staff, looking for browsing history and stored credentials that reveal more about the victim's environment.

For initial access, the hackers exploit known or zero-day vulnerabilities in internet-facing network appliances. Once inside, they work toward obtaining administrator credentials, typically by exploiting privilege-escalation vulnerabilities or by harvesting credentials stored on public-facing network appliances. From there they pursue access to operational technology (OT) assets, which would allow them to manipulate physical control systems and cause significant infrastructure failures.

The agencies recommend that organizations provide security training to network and IT personnel, brief them on the specific tactics Volt Typhoon uses, and encourage staff to protect their personal email accounts with strong passwords and multi-factor authentication.