Info@NationalCyberSecurity
Info@NationalCyberSecurity

FACTBOX-What is Volt Typhoon, the Chinese hacking group disrupted by the U.S.? | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


The U.S. Department of Justice and the FBI said on Wednesday they disrupted a sweeping Chinese cyber-spying operation that targeted critical American infrastructure entities and could be used against the United States in a future geopolitical crisis.

The operation weeded out malicious Chinese software from a network or “botnet” of hundreds of compromised U.S. routers, both agencies said in a statement.

The U.S. and its key allies disclosed the Chinese campaign, dubbed Volt Typhoon, in May 2023 when analysts at Microsoft found it had targeted everything from U.S. telecommunication networks to transportation hubs.

Here is what is known about Volt Typhoon and its potential threat:

‘FUTURE CRISES’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp MSFT.O said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan.

Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

TAIWAN BOTNET

Does this mean a group of destructive hackers is preparing to sabotage U.S. infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets. This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because they limit the visibility of cyber defenders that monitor for foreign footprints in their computer networks.

In a report earlier this month, cybersecurity ratings firm SecurityScorecard said Cisco Systems CSCO.O devices were particularly vulnerable to Volt Typhoon’s activity. The firm said it had identified a “network of covert infrastructure operating in Europe, North America, and Asia Pacific that appears to be composed of compromised routers and other network edge devices”.

STEALTHY STORM

Nearly all cyber spies work to cover their tracks. The use of so-called botnets by both government and criminal hackers to launder their cyber operations is not new. The approach is often used when an attacker wants to quickly target numerous victims simultaneously or seeks to hide their origins.

China routinely denies hacking and has done so in the case of Volt Typhoon. But documentation of Beijing’s cyberespionage campaigns has been building for more than two decades. The spying has come into sharp focus over the past 10 years as Western researchers tied breaches to specific units within the People’s Liberation Army, and U.S. law enforcement charged a string of Chinese officers with stealing American secrets.

Secureworks, an arm of Dell Technologies DELL.N, said in a blog post last year that Volt Typhoon’s interest in operational security likely stemmed from embarrassment over the drumbeat of U.S. indictments and “increased pressure from (Chinese) leadership to avoid public scrutiny of its cyberespionage activity.”

The Biden administration has increasingly focused on hacking, not only for fear nation states may try to disrupt the U.S. election in November, but because ransomware wreaked havoc on Corporate America in 2023.

(Reuters)

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW