Volt Typhoon has compromised thousands of devices around the world since it was publicly identified by security analysts at Microsoft in May 2023. . . For cybersecurity practitioners and society generally, attacks like Volt Typhoon can represent an enormous geopolitical cybersecurity threat. They are a reminder for everyone to monitor what’s going on in the world and consider how current events can affect the confidentiality, integrity and availability of all things digital.
Volt Typhoon is a Chinese state-sponsored hacker group. The United States government and its primary global intelligence partners, known as the Five Eyes, issued a warning on March 19, 2024, about the group’s activity targeting critical infrastructure.
PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders
CISA and its partners strongly urge critical infrastructure organization leaders to read the guidance provided in the joint fact sheet to defend against this threat.
Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon’s operation also poses a threat to the U.S. military by potentially disrupting power and water to military facilities and critical supply chains.
FBI Director Christopher Wray testified at a congressional hearing on Jan. 31, 2024, about Chinese hackers targeting U.S. critical infrastructure.
Microsoft’s 2023 report noted that Volt Typhoon could “disrupt critical communications infrastructure between the United States and Asia region during future crises.” The March 2024 report, published in the U.S. by the Cybersecurity and Infrastructure Security Agency, likewise warned that the botnet could lead to “disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies.”
The warning echoes analyses by the cybersecurity community about Chinese state-sponsored hacking in recent years. As with many cyberattacks and attackers, Volt Typhoon has many aliases and also is known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. Following these latest warnings, China again denied that it engages in offensive cyberespionage.
In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks. Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon’s botnet.
Volt Typhoon’s existence and the escalating tensions between China and the U.S., particularly over Taiwan, underscore the latest connection between global events and cybersecurity. . .
China denies spying allegations, says U.S. is the empire of hacking
CGTN
China denied it organized state-sponsored hacking groups to attack U.S. networks, saying the hacking allegations were a "collective disinformation campaign" from the Five Eyes countries, consisting of the U.S., Canada, New Zealand, Australia and the UK. Western intelligence agencies and Microsoft released a report on Wednesday alleging that China has been spying on a wide range of U.S. critical infrastructure organizations. Chinese foreign ministry spokesperson Mao Ning said on Thursday that the report scraps all kinds of things up, misses a lot of evidence and is "extremely unprofessional". The fact that the National Security Agency (NSA) of the U.S. and other agencies from the Five Eyes countries issued the report simultaneously demonstrated that the disinformation campaign, launched by the U.S. and followed by the Five Eyes countries, is for geopolitical reasons, Mao said at a regular press briefing in Beijing. Mao added that the Five Eyes Alliance is the world's largest intelligence organization, and the NSA is the largest hacking group in the world. "It's ironic that the two organizations jointly publish false information reports," she said. As for the involvement of Microsoft, Mao said it showed that the U.S. government was expanding its channels of disinformation beyond government agencies. "But no matter what varied methods are used, none of this can change the fact that the U.S. is the empire of hacking," she told reporters. She also mentioned a report by the Chinese side in September last year that disclosed details of a cyberattack by the NSA on Northwestern Polytechnical University of China. She urged the U.S. to give an account of its actions instead of spreading false information to divert attention.
RELATED STORIES
The U.S. Central Intelligence Agency (CIA) has wielded cyber weapons to steal secrets and to conduct cyber attacks, an investigation report by China's National Computer Virus Emergency Response Center and internet security company 360 disclosed. The CIA has co-opted the global internet and its assets, enabling itself to monitor and steal sensitive data of other countries anytime, anywhere. The U.S. does live up to its infamous reputation as the empire of hacking.
However, some analysts in both the government and cybersecurity community believe the group has been targeting infrastructure since mid-2021, and possibly much longer. Volt Typhoon uses malicious software that penetrates internet-connected systems by exploiting vulnerabilities such as weak administrator passwords, factory default logins and devices that haven’t been updated regularly. The hackers have targeted communications, energy, transportation, water and wastewater systems in the U.S. and its territories, such as Guam.
May 24, 2023 — Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to ...
The geopolitical fault lines of the 21st century are increasingly similar to those of the Cold War – with interchanged roles for Beijing and Moscow. But what exactly does that mean for the West?
Kissinger himself clearly believed this. During a speech in Beijing in 2019, he said that the United States and China were « in the promontory of a cold war ». In 2020, in the middle of the pandemic, he already spoke of « pass heights ». And a year before his death in 2023, Kissinger warned that the new cold war would be more dangerous than the first. Technological advances like AI could give weapons more autonomy. Kissinger called on both superpowers to limit the existential dangers – and in particular to avoid a potentially catastrophic showdown over the controversial status of Taiwan.
As in the 1970s, this approach is criticized by many experts in the current debate. Even the most thoughtful in the new generation of conservative strategists, Elbridge Colby, has asked Biden to pursue a « strategy of prevention » towards China. It is intended to prevent the People's Republic from militarily challenging the status quo in which Taiwan has de facto autonomy. In general, there is almost a complete consensus across parties that one has been wrong: trade with China is not a magic tool that leads to a change in the political system.
Niall Ferguson is a Milbank Family Senior Fellow at the Hoover Institution in Stanford and was a professor at Harvard. The above essay was published in the American magazine « Foreign Affairs » – and is published here exclusively in the German-speaking world. – From the English by mml.