01 April 2024

What is Volt Typhoon?

Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. . .For cybersecurity practitioners and society generally, attacks like Volt Typhoon can represent an enormous geopolitical cybersecurity threat. They are a reminder for everyone to monitor what’s going on in the world and consider how current events can affect the confidentiality, integrity and availability of all things digital.
Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyesissued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.

PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders

Publish Date 

The fact sheet, PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders, warns critical infrastructure leaders of the urgent risk posed by Volt Typhoon and provides guidance on specific actions to prioritize the protection of their organization from this threat activity.

CISA and its partners strongly urge critical infrastructure organizations leaders to read the guidance provided in the joint fact sheet to defend against this threat.
To learn more about secure by design principles and practices, visit Secure by Design
5/9/14 Eyes Countries & VPNs: What You Need to Know (2023)
What is 'Five Eyes', an international secret agency? What makes it the  best? - Quora
5-Eyes, 9-Eyes, And 14-Eyes Agreement Explained | Cybernews
Explained: The Five Eyes Alliance - Usanas Foundation - Decode Diagnose  Demystify
__________________________________________________________________

WHY VOLT TYPHOON MATTERS

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.

FBI Director Christopher Wray testified at a congressional hearing on Jan. 31, 2024, about Chinese hackers targeting U.S. critical infrastructure.

Microsoft’s 2023 report noted that Volt Typhoon could “disrupt critical communications infrastructure between the United States and Asia region during future crises.” The March 2024 report, published in the U.S. by the Cybersecurity and Infrastructure Security Agency, likewise warned that the botnet could lead to “disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies.”

The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.
In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.
Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.

Volt Typhoon’s existence and the escalating tensions between China and the U.S., particularly over Taiwan, underscore the latest connection between global events and cybersecurity. . .

---------------------------------------------------------------------------------------------------------------

25 May 2023

A "collective disinformation campaign" from the Five Eyes countries, consisted of the U.S., Canada, New Zealand, Australia and the UK.

 

Translate
China denies spying allegations, says U.S. is the empire of hacking
CGTN
China denied it organized state-sponsored hacking groups to attack U.S. networks, saying the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, consisted of the U.S., Canada, New Zealand, Australia and the UK.
Western intelligence agencies and Microsoft released a report on Wednesday alleging that China has been spying on a wide range of U.S. critical infrastructure organizations.
Chinese foreign ministry spokesperson Mao Ning said on Thursday that the report scraps all kinds of things up, misses a lot of evidence and is "extremely unprofessional".
The fact that the National Security Agency (NSA) of the U.S. and other agencies from the Five Eyes countries issued the report simultaneously demonstrated that the disinformation campaign, launched by the U.S. and followed by the Five Eyes countries, is for geopolitical reasons, Mao said at a regular press briefing in Beijing.
Mao added that the Five Eyes Alliance is the world's largest intelligence organization, and the NSA is the largest hacking group in the world. 
"It's ironic that the two organizations jointly publish false information reports," she said. 
As for the involvement of Microsoft, Mao said it showed that the U.S. government was expanding its channels of disinformation beyond government agencies.
"But no matter what varied methods are used, none of this can change the fact that the U.S. is the empire of hacking," she told reporters.
She also mentioned a report by the Chinese side in September last year that disclosed details of a cyberattack by the NSA on Northwestern Polytechnical University of China. She urged the U.S. to give an account of its actions instead of spreading false information to divert attention.
RELATED STORIES

The U.S. Central Intelligence Agency (CIA) has wielded cyber weapons to steal secrets and to conduct cyber attacks, an investigation report by China's National Computer Virus Emergency Response Center and internet security company 360 disclosed. The CIA has co-opted the global internet and its assets, enabling itself to monitor and steal sensitive data of other countries anytime, anywhere. The U.S. does live up to its infamous reputation as the empire of hacking.




Empire of hacking

The U.S. Central Intelligence Agency (CIA) has wielded cyber weapons to steal secrets and to conduct cyber attacks, an investigation report by China's National Computer Virus Emergency Response Center and internet security company 360 disclosed. The CIA has co-opted the global internet and its assets, enabling itself to monitor and steal sensitive data of other countries anytime, anywhere. The U.S. does live up to its infamous reputation as the empire of hacking.












__________________________________________________________________
However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer.
Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.

REFERENCE: MICROSOFT REPORT 2024
May 24, 2023 — Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to ...

No comments:

AIN'T HAPPENING: 'Everybody thinking Infowars was shut down, you're in for a rude awakening.' . . . Judge halts Infowars' sale to The Onion in shock move

A Texas judge pressed the pause button on   The Onion's winning bid for Alex Jones' Infowars  network over questions about the biddi...