The Cybersecurity & Infrastructure Security Agency, National Security Agency, and the Federal Bureau of Investigation released a joint advisory this week stating that China-backed hackers Volt Typhoon have maintained persistent access to some critical USA infrastructure for “at least five years.”
The advisory states that hackers backed by the People’s Republic of China (PRC) are pre-positioning themselves on the IT networks of American infrastructure systems so that they can launch “disruptive or destructive” cyberattacks if the USA faces a major crisis or conflict.
The advisory states that Volt Typhoon is state-sponsored and backed by the Chinese government. The group is known to exploit vulnerabilities in critical infrastructure equipment such as routers, firewalls, and VPNs, targeting key sectors such as water, communications, transport, and energy. Compromises have been found across the continental and non-continental United States, including Guam.
According to the advisory, Volt Typhoon’s activities differ significantly from traditional cyber espionage or intelligence-gathering activity. The agencies behind the advisory believe the group is positioning itself to pivot from access to disruptive activity.
Volt Typhoon’s methods have relied heavily on stolen administrator passwords and weak front-end security. This has enabled the group to take control of some surveillance camera systems, gaining a further advantage. The group is also known to use “living off the land” techniques to hide its activities.
What are “living off the land” attacks?
“Living off the land” (LOTL) attacks help attackers go unnoticed. Whereas many attacks drop files and leave traces behind, LOTL attacks use legitimate tools already present on the target system to carry out malicious activity. This makes them very hard to detect with traditional security measures, which look for malicious scripts and files as the signature of an attack.
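Because every binary in a LOTL attack is a legitimate system tool, file signatures find nothing; detection has to look at behaviour instead. The following is an added example, not code from the advisory or this article, and all of its process-creation events are constructed: it baselines which parent processes normally launch which children and flags combinations that are rare or unseen.

```python
from collections import Counter

# Constructed baseline of benign process-creation events from one host, as
# (parent_process, child_process) pairs. Real telemetry would come from
# Sysmon event ID 1, Windows event 4688 or Linux auditd; these rows are invented.
BASELINE_EVENTS = (
    [("services.exe", "svchost.exe")] * 40
    + [("explorer.exe", "outlook.exe")] * 12
    + [("explorer.exe", "cmd.exe")] * 6
    + [("svchost.exe", "taskhostw.exe")] * 9
    + [("explorer.exe", "powershell.exe")] * 2
)

# Constructed events under review. Every child is a legitimate, signed OS
# binary, so a file- or script-signature scanner reports nothing for any of them.
REVIEW_EVENTS = [
    ("explorer.exe", "cmd.exe"),          # common: a user opened a prompt
    ("outlook.exe", "powershell.exe"),    # never seen: mail client launching a shell
    ("services.exe", "svchost.exe"),      # common service start
    ("explorer.exe", "powershell.exe"),   # seen before, but rarely
]


def build_baseline(events):
    """Count how often each (parent, child) pair appears in known-good telemetry."""
    return Counter(events)


def flag_rare_pairs(events, baseline, min_seen=3):
    """Return (event, times_seen) for every event whose parent/child pair occurs
    fewer than min_seen times in the baseline. Rarity of a behaviour, not the
    presence of a malicious file, is what surfaces living-off-the-land activity."""
    return [(e, baseline[e]) for e in events if baseline[e] < min_seen]


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for (parent, child), seen in flag_rare_pairs(REVIEW_EVENTS, baseline):
        print(f"review: {parent} -> {child} (seen {seen} times in baseline)")
```

In practice the baseline is built per host or per role over weeks of telemetry, and the threshold is tuned so that routine administration does not drown analysts in alerts.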
Cybersecurity is constantly evolving, and it is vital to keep systems updated with the latest security measures. Research into the benefits of artificial intelligence (AI) in cybersecurity is ongoing, but AI will likely have more success against techniques such as LOTL because of its enhanced analytical capabilities.
Featured image credit: Pixabay via Pexels