A Chinese state-sponsored hacking group known as “Volt Typhoon” has been conducting a cyberespionage campaign targeting military and government organizations in the United States, as revealed by Microsoft and various cybersecurity and intelligence agencies. The group’s activities have triggered alerts and raised concerns about potential disruptions to critical communications infrastructure between the US and Asia.
The US Navy has confirmed that it has been impacted by the cyberattacks attributed to the Chinese hackers. Navy Secretary Carlos Del Toro stated that China’s behavior in cyberattacks is not surprising and has been going on for decades. Microsoft’s warning emphasized that the group exploited a vulnerability in a popular cybersecurity suite, affecting critical cyber infrastructure across various industries. The hackers specifically targeted the communications and maritime sectors in Guam, where a significant US military base is located. Experts have expressed concern that the surveillance activity in Guam may be related to a potential Chinese invasion of Taiwan.
Volt Typhoon, characterized as an advanced persistent threat (APT) group, primarily focuses on stealth and espionage. The group employs “living off the land” techniques, using built-in command-line tools already present on compromised systems to scrape credentials and gather information rather than deploying custom malware that defenders might flag. An nGuard red team assessment can simulate a realistic attack like this and test how your organization would perform against real threats. Volt Typhoon also routes its network traffic through compromised small office/home office (SOHO) routers and other network devices, so that its connections blend in with normal network activity and evade detection. nGuard’s managed SIEM solution with User and Entity Behavior Analytics (UEBA) can help detect this type of activity within your network before it is too late.
While the hackers have primarily engaged in espionage, there are concerns about their potential to carry out disruptive actions. Microsoft’s analysis suggests that Volt Typhoon is developing capabilities to disrupt critical communications infrastructure between the US and Asia, particularly during future crises. The escalating tensions between the US and China, particularly regarding Taiwan, add weight to the concerns.
The Chinese government has rejected the accusations, dismissing them as a “collective disinformation campaign” and pointing fingers at the US, labeling it the “empire of hacking.” However, researchers from cybersecurity organizations have observed Volt Typhoon targeting defense and government organizations in the US for espionage purposes. While no evidence of destructive activity has been found, the hackers’ focus on stealing information related to US military activities raises concerns.
The revelations about Volt Typhoon’s cyberespionage activities come at a time when the US has been increasing efforts to protect critical infrastructure from cyber threats. Multiple attacks on vital systems in recent years, including those targeting gas pipelines and meat suppliers, have highlighted the need for stronger defenses. Conducting regular penetration testing and vulnerability scanning can help you find and fix the vulnerabilities in your network before groups like Volt Typhoon do. The potential disruption of critical communications infrastructure by groups like Volt Typhoon underscores the importance of bolstering cybersecurity measures to safeguard national security interests.
In summary, the Chinese state-sponsored hacking group Volt Typhoon has been conducting cyberespionage targeting military and government organizations in the US. The group’s activities have triggered warnings from various agencies and raised concerns about potential disruptions to critical communications infrastructure. While China denies the allegations, evidence suggests that the group’s focus on espionage, together with its development of disruptive capabilities, poses a significant threat to US national security. The situation highlights the ongoing challenge of protecting critical infrastructure from cyber threats in an increasingly tense geopolitical landscape.