Hackers from the People's Republic of China spent up to five years inside US networks as part of a cyber operation targeting US critical infrastructure, US law enforcement and partner agencies said earlier this week. "The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China (PRC) state-sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure in the event of a major crisis or conflict with the United States," an alert released by the agencies earlier this week said.[1]
The yearslong operation by the state-sponsored cyber actor, tracked as Volt Typhoon by US authorities, was a way for China to position itself for an attack on US critical infrastructure using malware, officials said on a call with reporters.
CISA Executive Assistant Director Eric Goldstein said the hackers had been in US systems for "up to five years." A release about the incident added: "CISA and its US Government partners have confirmed that this group of PRC state-sponsored cyber actors has compromised entities across multiple critical infrastructure sectors in cyberspace, including communications, energy, transportation, and water and wastewater, in the United States and its territories."
The Chinese cyber actors aimed to "launch destructive cyber-attacks that would jeopardize the physical safety of Americans and impede military readiness in the event of a major crisis or conflict with the United States," the release said. Last week, the FBI, acting under a court order, disrupted infrastructure Volt Typhoon actors were using in their hacking operation.
The advisory builds upon the testimony CISA Director Jen Easterly and FBI Director Christopher Wray gave last week, in which they warned that Chinese hackers could disrupt Americans' way of life. "The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, water sectors; steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure that keeps us safe and prosperous," Wray told a House panel last week. "And let's be clear, cyber threats to our critical infrastructure represent real world threats to our physical safety."
The agencies wrote in an alert that they are "concerned" about the implications of the cyber operation. "The US authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts," an alert released by the agencies said. "The US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions."
Last week, Easterly warned that the Colonial Pipeline ransomware attack in 2021, which briefly shut down a major fuel pipeline serving part of the country and caused panic buying, is something that could happen on a much wider scale if China had its way. "We know that what we have found is the tip of the iceberg," Goldstein said.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com.
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632