The Chinese state-sponsored hacking group known as Volt Typhoon has been living in the networks of some critical industries for “at least five years,” according to a joint cybersecurity advisory issued by the U.S. and its allies on Wednesday.
The compromised environments are in the continental U.S. and elsewhere, including Guam, the advisory said. It was published by U.S. agencies and their security counterparts in Australia, Canada, the U.K. and New Zealand.
The report comes a week after U.S. officials announced an operation to disrupt Volt Typhoon by deleting malware from thousands of internet-connected devices the group had hijacked to gain access to the networks in critical parts of the economy. Among the sectors targeted were communications, energy, transportation and water systems.
Addressing Congress last week, FBI Director Christopher Wray said China’s hackers were “positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”
Volt Typhoon uses techniques that have also been used by Russian-affiliated hackers, the report noted. Those include “living off the land,” in which hackers use existing tools to stay under the radar.
Even for organizations adopting best practices, distinguishing malicious activity from legitimate behavior is a challenge, the report said. Details of the report were previously published by CNN.
With assistance from Katrina Manson.
©2024 Bloomberg L.P.