Tag Archive for: Chinabacked

FACTBOX-What is Volt Typhoon, the alleged China-backed hacking group?


Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a U.S. government operation, Reuters exclusively reported on Monday. The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt U.S. readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat:

‘FUTURE CRISES’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.” Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

TAIWAN BOTNET

Does this mean a group of destructive hackers is preparing to sabotage U.S. infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group. It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets. This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because they limit the visibility of cyber…


What is Volt Typhoon, the alleged China-backed hacking group?



Hacking group Volt Typhoon alarms intelligence officials, who say it is part of a larger effort to compromise Western critical infrastructure

Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a US government operation, Reuters exclusively reported on Monday, January 29.

The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat:

‘Future crises’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colorful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

Taiwan botnet

Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control…


China-Backed Hackers Threaten Texas Military Sites, Utilities


(TNS) — A Chinese government-backed hacker group’s apparent plan to upend utilities and communication systems that power U.S. military bases poses a major threat to Joint Base San Antonio — and potentially to the region’s water and electricity customers.

U.S. officials say the group, called Volt Typhoon, has inserted malware — computer code intended to damage or disrupt networks or to covertly collect information — deep in the systems of numerous water and electric utilities that serve military installations in the United States and abroad.

The aim could be to delay a U.S. military response if China’s People’s Liberation Army invades Taiwan. President Joe Biden has said the U.S. military would intervene if China invaded the island nation.


“I would be most concerned about U.S. assets in the Pacific Rim — in South Korea and Japan,” said John Dickson, a San Antonio-based cybersecurity consultant and former Air Force intelligence officer. “But we are Military City, USA, and a sophisticated reader doesn’t have to do too much to connect the dots.”

San Antonio is flush with military personnel and missions. It’s home to Fort Sam Houston, the largest military medical training installation in the U.S., as well as to JBSA-Randolph and JBSA-Lackland Air Force bases.

Lackland trains the service’s incoming airmen and conducts cyber warfare and intelligence-gathering operations at its Security Hill facility.

The National Security Agency’s Texas Cryptologic Center occupies a sprawling campus on San Antonio’s West Side. The center conducts worldwide signals intelligence and cybersecurity operations. Signals intelligence involves collecting, decoding and interpreting electronic communications.

It’s unclear if the networks of the San Antonio Water System or CPS Energy, both owned by the city of San Antonio, are infected with Volt Typhoon’s malware.

CPS, the largest municipally owned utility in the U.S., has 930,000 electric and 381,000 gas customers. SAWS serves 511,000 water and 456,000 wastewater customers. The two utilities’ service areas encompass Bexar County and small swaths of neighboring counties.

“We will continue to…


Five Eyes Publicizes China-Backed Hackers’ Attack


(MENAFN – Asia Times) This week the Five Eyes alliance – an intelligence alliance between Australia, the United Kingdom, Canada, New Zealand and the United States – announced its investigation into a China-backed threat targeting US infrastructure.

Using stealth techniques, the attacker – referred to as “Volt Typhoon” – exploited existing resources in compromised networks in a technique called “living off the land.”

Microsoft made a concurrent announcement, stating that the attackers’ targeting of Guam was telling of China’s plans to potentially disrupt critical communications infrastructure between the US and the Asia region in the future.

This comes hot on the heels of news in April of a North Korean supply chain attack on Asia-Pacific telecommunications provider 3CX. In this case, hackers gained access to an employee’s computer using a compromised desktop app for Windows and a compromised signed software installation package.

The Volt Typhoon announcement has led to a rare admission by the US National Security Agency that Australia and other Five Eyes partners are engaged in a targeted search and detection scheme to uncover China’s clandestine cyber operations.

Such public admissions from the Five Eyes alliance are few and far between. Behind the curtain, however, this network is persistently engaged in trying to take down foreign adversaries. And it’s no easy feat.

Let’s take a look at the events leading up to Volt Typhoon – and more broadly at how this secretive transnational alliance operates.

Uncovering Volt Typhoon

Volt Typhoon is an “advanced persistent threat group” that has been active since at least mid-2021. It’s believed to be sponsored by the Chinese government and is targeting critical infrastructure organizations in the US.

The group has focused much of its efforts on Guam. Located in the Western Pacific, this US island territory is home to a significant and growing military presence, including the US Air Force, a Marine Corps contingent and the US Navy’s nuclear-capable submarines.




Air Force F-22 Raptors and a C-130J Hercules taxi on the runway before taking off at Andersen Air Force Base in Guam on July 22, 2021. Photo: Air Force Senior…
