Volt Typhoon is a Chinese state-sponsored hacking group. The U.S. government and its closest intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024 about the group's activities targeting critical infrastructure.
The warning reflects the cybersecurity community's analysis of recent Chinese state-sponsored intrusions. Like many threat actors, Volt Typhoon goes by several other names, including Vanguard Panda, Bronze Silhouette, DEV-0391, UNC3236, Voltzite, and Insidious Taurus. Following these latest warnings, China once again denied engaging in offensive cyber espionage.
Volt Typhoon has compromised thousands of devices around the world since Microsoft security analysts publicly identified it in May 2023. However, some analysts in both government and the cybersecurity community believe the group has been targeting infrastructure since mid-2021, possibly longer, and has likely compromised more devices than have been publicly reported.
Volt Typhoon uses malicious software to infiltrate internet-connected systems by exploiting weaknesses such as weak administrator passwords, factory-default logins, and devices that are not regularly updated. The hackers are targeting communications, energy, transportation, and water and wastewater systems in the United States and its territories, including Guam.
In many ways, Volt Typhoon operates like the traditional botnet operators that have plagued the Internet for decades. It takes control of vulnerable internet-facing devices such as routers and security cameras to establish a hidden foothold, then uses those devices as relays for future attacks. The compromised devices are rarely the final target: traffic into a victim network that is routed through them appears to come from an ordinary home or small-business internet connection rather than from the attacker.
Operating this way makes it difficult for defenders to pinpoint the true source of an attack. Worse, defenders could mistakenly retaliate against third parties who do not know that their devices have been drawn into the Volt Typhoon botnet.
Why Volt Typhoon is important
Disrupting critical infrastructure can cause economic damage around the world. Volt Typhoon's operations also pose a threat to the U.S. military, with the potential to disrupt power and water to military installations and critical supply chains.
Microsoft's 2023 report said Volt Typhoon could "disrupt critical communications infrastructure between the United States and the Asia region during future crises." A March 2024 report issued by the U.S. Cybersecurity and Infrastructure Security Agency similarly warned that the group's access could lead to the "disruption or destruction of critical services in the event of heightened geopolitical tensions or military conflict with the United States and its allies."
The existence of Volt Typhoon and the escalating tensions between China and the United States, particularly over Taiwan, highlight the close link between global events and cybersecurity.
Protecting yourself from Volt Typhoon
On January 31, 2024, the FBI reported that it had removed the group's malware from hundreds of small office/home office routers, disrupting Volt Typhoon's operations. However, the U.S. is still investigating the extent of the group's reach into critical U.S. infrastructure.
On March 25, 2024, the United States and United Kingdom announced that they had imposed sanctions on Chinese hackers involved in infrastructure breaches. Other countries, including New Zealand, have also disclosed cyberattacks traced to China in recent years.
All organizations, especially infrastructure providers, must implement proven secure computing practices centered on preparedness, detection, and response. They must ensure that their information systems and smart devices are properly configured, patched, and capable of logging activity; a router that keeps no logs leaves defenders nothing to investigate after a compromise. They should also identify and replace devices at the edge of the network, such as routers and firewalls, that are no longer supported by their vendors: an end-of-life device receives no security patches, so any known vulnerability in it remains exploitable indefinitely.
Organizations can also implement strong user authentication measures, such as multi-factor authentication, to make it harder for attackers like Volt Typhoon to compromise systems and devices. More broadly, the comprehensive NIST Cybersecurity Framework will help these organizations build a stronger cybersecurity posture to defend against Volt Typhoon and other attackers.
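The recommendations above (correct configuration, patching, logging, replacing end-of-life edge devices, and multi-factor authentication) can be turned into a repeatable inventory audit. The following Python script is an added example written for this page, not code from the article or from any vendor or agency it mentions. The device inventory, the vendor firmware baseline, the end-of-support dates, and the default-credential list are all constructed for illustration; the vendor and model names are made up.

```python
"""Audit an edge-device inventory for the weaknesses the article describes.

Added example (not from the article). Every vendor, model, version, date and
credential below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Constructed vendor baseline: latest published firmware and end-of-support date
# (None = still supported). A real audit would load this from vendor advisories.
VENDOR_BASELINE: Dict[Tuple[str, str], dict] = {
    ("ExampleNet", "ER-100"): {"latest": "3.2.1", "eos": date(2022, 6, 30)},
    ("ExampleNet", "ER-200"): {"latest": "5.0.4", "eos": None},
    ("CamCo", "IPC-7"): {"latest": "1.9.0", "eos": date(2025, 1, 1)},
}

# Constructed list of factory-default username/password pairs typical of SOHO gear.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root"),
}

MIN_PASSWORD_LENGTH = 12


@dataclass
class Device:
    name: str
    vendor: str
    model: str
    firmware: str
    admin_user: str
    admin_password: str
    syslog_enabled: bool   # device forwards logs to a collector
    mfa_enabled: bool      # management interface requires a second factor


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.2.1' into (3, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit_device(dev: Device, as_of: date) -> List[str]:
    """Return a list of findings for one device; an empty list means it passed."""
    findings: List[str] = []
    baseline: Optional[dict] = VENDOR_BASELINE.get((dev.vendor, dev.model))

    if baseline is None:
        # Unknown hardware cannot be verified and is itself a gap in the inventory.
        findings.append("unknown model: no vendor baseline, cannot verify patch or support status")
    else:
        eos = baseline["eos"]
        if eos is not None and eos <= as_of:
            findings.append(f"end of support since {eos}: replace device")
        if parse_version(dev.firmware) < parse_version(baseline["latest"]):
            findings.append(f"firmware {dev.firmware} behind vendor release {baseline['latest']}: patch")

    if (dev.admin_user, dev.admin_password) in DEFAULT_CREDENTIALS:
        findings.append("factory-default administrator credentials")
    elif len(dev.admin_password) < MIN_PASSWORD_LENGTH:
        findings.append(f"administrator password shorter than {MIN_PASSWORD_LENGTH} characters")

    if not dev.syslog_enabled:
        findings.append("logging disabled: a compromise would leave no record")
    if not dev.mfa_enabled:
        findings.append("no multi-factor authentication on the management interface")
    return findings


def audit_inventory(devices: List[Device], as_of: date) -> Dict[str, List[str]]:
    """Audit every device and map its name to its findings."""
    return {dev.name: audit_device(dev, as_of) for dev in devices}


# Constructed sample inventory of edge devices.
SAMPLE_INVENTORY = [
    Device("branch-router-1", "ExampleNet", "ER-100", "3.1.0", "admin", "admin", False, False),
    Device("branch-router-2", "ExampleNet", "ER-200", "5.0.4", "netops", "Qz7!pLm2#vR9sT", True, True),
    Device("lobby-cam-1", "CamCo", "IPC-7", "1.8.2", "root", "root", True, False),
    Device("legacy-fw", "OldVendor", "FW-1", "2.0", "admin", "summer2019", True, False),
]
AS_OF = date(2024, 3, 19)  # fixed audit date so results are reproducible

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, AS_OF).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

The audit date is passed in explicitly rather than read from the clock so that the same inventory always produces the same report, which matters when the output is kept as evidence of a review. A device with no vendor baseline is reported as a finding rather than skipped: unknown hardware on the network edge is exactly what an attacker reusing default credentials looks for.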
Individuals should also remain vigilant for suspicious activity on their accounts, devices, and networks, keep their devices updated, enable multi-factor authentication, and never reuse passwords. Taking these steps protects both you and your employer.
For cybersecurity professionals and society at large, campaigns like Volt Typhoon represent a significant geopolitical cybersecurity threat. They are a reminder to everyone to watch what is happening in the world and to consider how current events may affect the confidentiality, integrity, and availability of everything digital.