
Chinese hackers Volt Typhoon had critical US infrastructure access for 5 years


A recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) revealed that Chinese state-backed hackers known as Volt Typhoon had continuous access to critical infrastructure in the USA for “at least five years.”

The advisory warned that hackers backed by the People’s Republic of China (PRC) have strategically positioned themselves within American infrastructure IT networks. This positioning allows them to potentially launch disruptive or destructive cyberattacks in the event of a major crisis or conflict affecting the USA.

The advisory emphasized that Volt Typhoon is a state-sponsored group backed by the Chinese government. The group targets vulnerabilities in network edge devices that underpin critical infrastructure, such as routers, firewalls, and VPN appliances, and focuses on key sectors including water, communications, transportation, and energy. Its activity has been identified across various regions of the United States, including Guam.

The report highlighted that Volt Typhoon’s strategy deviates significantly from conventional cyber espionage. The agencies behind the advisory suspect that the hackers are pre-positioning themselves so they can move laterally toward disruptive actions when they choose to.

Volt Typhoon’s tactics rely heavily on stolen administrator credentials and weak security on internet-facing (front-end) systems. These have allowed the group to gain control of camera surveillance systems and extend its access. The group has also been observed using “living off the land” techniques to obscure its operations.

What are “living off the land” attacks?

“Living off the land” (LOTL) attacks let intruders operate covertly. Unlike malware-based attacks that introduce their own files, LOTL attacks use legitimate administrative tools already present on the targeted system to carry out malicious activity. Because no foreign binary or script is dropped, traditional detection methods that look for malicious files and scripts as indicators of compromise have little to match against; the activity has to be spotted from the context in which otherwise-normal tools are used.
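The point above, that LOTL activity has to be detected from context rather than from file indicators, is illustrated by the following added example. It is not code from the advisory or from the article: the watchlist of built-in tools, the baseline of expected parent processes and administrative accounts, the business-hours window, and the pipe-delimited process-creation log lines are all constructed for illustration. The script scores each execution of a pre-installed tool by how far it departs from the baseline (unexpected parent process, non-administrative account, off-hours execution) and reports the events that cross a threshold, which is the kind of behavioural triage a defender would run where hash- or filename-based detection finds nothing.

```python
"""Behavioural triage of process-creation events for living-off-the-land (LOTL) activity.

Added example (not from the advisory or the article). Instead of matching file
hashes, which LOTL activity defeats, it flags legitimate built-in tools when they
run from an unexpected context. Tool names, baseline, accounts and log lines are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime

# Illustrative watchlist of legitimate, pre-installed administrative tools (assumption).
LOTL_TOOLS = {"wmic.exe", "netsh.exe", "ntdsutil.exe", "powershell.exe", "certutil.exe", "reg.exe"}

# Constructed baseline: where and by whom these tools normally run in this hypothetical estate.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "services.exe", "sccm_agent.exe"}
ADMIN_ACCOUNTS = {"CORP\\ops-admin", "CORP\\patch-svc"}
BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time


@dataclass
class ProcEvent:
    ts: datetime
    host: str
    user: str
    parent: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed log line: ts|host|user|parent|image|cmdline."""
    ts, host, user, parent, image, cmdline = line.split("|", 5)
    return ProcEvent(datetime.fromisoformat(ts), host, user, parent.lower(), image.lower(), cmdline)


def score_event(ev: ProcEvent) -> tuple[int, list[str]]:
    """Return (score, reasons). Only executions of watchlisted tools are scored;
    each departure from the baseline adds one point."""
    if ev.image not in LOTL_TOOLS:
        return 0, []
    reasons = []
    if ev.parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process {ev.parent}")
    if ev.user not in ADMIN_ACCOUNTS:
        reasons.append(f"non-administrative account {ev.user}")
    if ev.ts.hour not in BUSINESS_HOURS:
        reasons.append("executed outside business hours")
    return len(reasons), reasons


def triage(lines, threshold: int = 2):
    """Return (score, event, reasons) for events at or above the threshold,
    most suspicious first."""
    flagged = []
    for line in lines:
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            flagged.append((score, ev, reasons))
    flagged.sort(key=lambda item: item[0], reverse=True)
    return flagged


# Constructed sample log: one routine admin action, one tool spawned by a web
# server process at night under a service account, one low-signal user query,
# and one admin tool launched from an interpreter after hours.
SAMPLE_LOG = [
    "2024-02-07T10:15:00|ws-042|CORP\\ops-admin|cmd.exe|netsh.exe|netsh advfirewall show allprofiles",
    "2024-02-07T02:40:00|srv-web-03|CORP\\svc-web|w3wp.exe|wmic.exe|wmic computersystem get domain",
    "2024-02-07T14:05:00|ws-117|CORP\\jsmith|explorer.exe|reg.exe|reg query HKLM\\SOFTWARE\\Example",
    "2024-02-07T23:10:00|fw-mgmt-01|CORP\\patch-svc|python.exe|netsh.exe|netsh interface show interface",
]

if __name__ == "__main__":
    for score, ev, reasons in triage(SAMPLE_LOG):
        print(f"[score {score}] {ev.ts} {ev.host} {ev.user} {ev.parent} -> {ev.image}")
        for reason in reasons:
            print(f"    - {reason}")
```

The first sample line (an administrator running a firewall query from a shell during the day) scores zero and the third (a user querying the registry) scores one, so neither is reported; the second and fourth depart from the baseline in two or more ways and are surfaced for an analyst. In practice the baseline would be learned from the organisation's own telemetry rather than hard-coded, and the score would feed an alert rather than a print statement, but the principle is the one the paragraph describes: when the attacker's tools are the system's own, the signal is in who ran them, from where, and when.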

Cybersecurity practices are continuously evolving, which underlines the importance of keeping systems up to date with current security measures. Ongoing research is exploring the potential benefits of integrating artificial intelligence (AI) into cybersecurity defenses, with AI expected to be more effective against techniques like LOTL because of its ability to analyse behaviour rather than rely on known files.

Featured image credit: Pixabay via Pexels
