CISA Warns of Volt Typhoon Risks to Critical Infrastructure – Security Boulevard

The recent joint warning issued by CISA, NSA, FBI, and other U.S. government and international partners highlights a critical cybersecurity threat: Volt Typhoon, a Chinese hacking group. This group has targeted critical infrastructure in the United States, raising concerns about potential disruption in the face of geopolitical tensions.

Volt Typhoon’s hacking tactics are particularly concerning because the group maintains extended periods of undetected access within compromised networks. Reports indicate infiltration lasting up to five years in some instances, allowing the group to establish a significant foothold. Its focus on Operational Technology (OT) assets further amplifies the threat, positioning the group to disrupt or disable critical services in times of heightened geopolitical tensions or potential military conflict involving the United States and its allies.

Actions for Leaders: Vigilance and Defense

CISA, along with its partners, has issued a strong call to action for critical infrastructure leaders. Key recommendations include “ensuring logging, including for access and security, is turned on for applications and systems and logs are stored in a central system”.

Additionally, organizations are urged to empower cybersecurity teams to make informed resourcing decisions, such as utilizing prioritization tools and investing in detection and hardening practices. Leaders are advised to ensure continuous cybersecurity training, develop comprehensive information security plans, and engage in tabletop exercises.

Organizations should implement cyber incident response plans, regularly review and update them, report incidents promptly, and consider proactive agreements with cybersecurity organizations for expertise and response services.

Volt Typhoon, also known as Bronze Silhouette, has been actively targeting U.S. critical infrastructure since at least mid-2021. Employing a botnet named KV-botnet, comprised of hundreds of small office/home office (SOHO) devices across the U.S., the hackers attempted to conceal their actions and evade detection.

However, the FBI took action to disrupt the KV-botnet in December. Following this intervention, CISA and the FBI have called upon SOHO router manufacturers to enhance device security measures, including secure configuration defaults and addressing web management interface vulnerabilities.

Conclusion

The U.S. agencies cautioned cybersecurity defenders about Volt Typhoon’s infiltration of U.S. critical infrastructure networks, which represents a crucial business risk for all organizations within the United States and its allied nations. The coordinated response from international agencies underscores the seriousness of the threat. As the cybersecurity landscape constantly evolves, it’s imperative for critical infrastructure owners to remain vigilant and implement proactive defense measures.

The sources for this article include a story from BleepingComputer.

The post CISA Warns of Volt Typhoon Risks to Critical Infrastructure appeared first on TuxCare.

*** This is a Security Bloggers Network syndicated blog from TuxCare authored by Rohan Timalsina. Read the original post at: https://tuxcare.com/blog/cisa-warns-of-volt-typhoon-risks-to-critical-infrastructure/
