China-backed hackers access US critical infra, ready for cyber attack
China-sponsored cyber actors have accessed IT networks for destructive cyber attacks against US critical infrastructure in the event of a major crisis or conflict with the country, a coalition of top intelligence agencies haswarned
image for illustrative purpose
Washington, Feb 8: China-sponsored cyber actors have accessed IT networks for destructive cyber attacks against US critical infrastructure in the event of a major crisis or conflict with the country, a coalition of top intelligence agencies haswarned.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and Federal Bureau of Investigation (FBI) said that People’s Republic of China (PRC)-backed hackers are seeking to pre-position themselves on IT networks for disruptive or destructive cyber attacks as they have gained access for “at least five years”.
Volt Typhoon, a state-sponsored group of hackers based in China, has compromised the IT environments of multiple critical infrastructure organisations -- primarily in communications, energy, transportation systems and water and wastewater systems sectors -- in the US and its territories, the agencies said in a joint statement late on Wednesday.
The US agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.
“Volt Typhoon’s choice of targets and pattern of behaviour is not consistent with traditional cyber espionage or intelligence gathering operations,” warned US agencies.
The agencies urge critical infrastructure organisations to apply the mitigations and to hunt for similar malicious activity.
"If an activity is identified, the authoring agencies strongly recommend that critical infrastructure organisations apply the incident response recommendations in the advisory and report the incident to the relevant agency,” said the agencies.
Last week, the FBI and US Department of Justice announced they had disrupted the “KV Botnet” run by Volt Typhoon that had compromised US-based routers for small businesses and home offices.
Volt Typhoon has been exploiting vulnerabilities in routers, firewalls and VPNs to gain initial access to critical infrastructure.