Tag Archive for: Volt

All about Volt Typhoon, the Chinese hacking group, ET Telecom

/in


China is developing the “ability to physically wreak havoc” on US critical infrastructure and its hackers are waiting “for just the right moment to deal a devastating blow”, FBI Director Christopher Wray said on Thursday.

The comments were in relation to a Chinese government-linked hacking campaign dubbed Volt Typhoon. The campaign was disclosed by the US and its key allies in May 2023, when analysts at Microsoft found it had targeted everything from US telecommunication networks to transportation hubs.

On Thursday, Wray said Volt Typhoon had successfully gained access to American targets across the telecommunications, energy, water and other critical sectors.

Here is what is known about Volt Typhoon and its potential threat:

‘Future crises’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan.

Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

Taiwan botnet

Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected…

Source…

What is Volt Typhoon, the Chinese hacking group the FBI warns could deal a ‘devastating blow’?

/in


China is developing the “ability to physically wreak havoc” on US critical infrastructure and its hackers are waiting “for just the right moment to deal a devastating blow”, FBI Director Christopher Wray said on Thursday.
The comments were in relation to a Chinese government-linked hacking campaign dubbed Volt Typhoon. The campaign was disclosed by the US and its key allies in May 2023, when analysts at Microsoft found it had targeted everything from US telecommunication networks to transportation hubs.
On Thursday, Wray said Volt Typhoon had successfully gained access to American targets across the telecommunications, energy, water and other critical sectors.
Here is what is known about Volt Typhoon and its potential threat:
‘Future crises’
Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”
Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan.
Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.
Taiwan botnet
Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?
Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.
It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks…

Source…

What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure

/in


Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.

The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.

Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer.

Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.

In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.

Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.

Why Volt Typhoon matters

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.

FBI Director…

Source…

Going from defense to offense against China’s Volt Typhoon APT group

/in


What do the Super Bowl and cybersecurity have in common?

To win the big games, teams need both offense and defense. On Jan. 31, the U.S. Government did just that when they disrupted the KV Botnet used by China-sponsored Volt Typhoon.

For far too long, cybersecurity has been considered “preventive” or “reactive.” The industry was developed around defending and protecting assets. The concept of active defense gained interest, but it was misinterpreted and thought of instead as hacking back.

The National Institute of Standards and Technology (NIST) has defined active cyber defense as “synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.” Active defense still means playing defense.

So, how do we go on offense? As an industry, our approach has become littered with legal pitfalls, significant risks and a lack of ongoing capability. Military organizations are uniquely designed to create and sustain long-term offensive cyberspace operations. As sexy and enticing as that sounds, it’s restricted to operations against foreign adversaries and nation-states as a matter of law. But that’s not the only option we have for a good offense.

Enter the FBI

The FBI operates as the primary federal investigative organization tasked with responding to cyberattacks and intrusions. We are now witnessing the rise of offensive cyber operations by a domestic law enforcement agency that has demonstrated a significant ability to identify, penetrate, and dismantle criminal and nation-state networks. What once was an anomaly has matured to become a standard part of the investigative arsenal available to actively engage and disrupt transnational criminal groups and nation-state actors.

In November 2022, I had the opportunity to participate in a panel discussion with the FBI Supervisory Special Agent, who led the investigation into the takedown of the Hive ransomware group. What was striking for me was how far the FBI had come since the days 23 years prior when I spent a year conducting in-service training for their Computer Analysis Response Team: CART. The student had become the master.

The dismantling of Hive was directed at a transnational criminal group,…

Source…