It’s been a while since cybersecurity researchers and U.S. security agencies shined a light on the activities of the Chinese state-sponsored hacking group. Microsoft said in May that Volt Typhoon has been active since mid-2021, stealthily finding and maintaining access in the networks of critical infrastructure providers, with the likely aim of disrupting U.S.-Asia communications in future crisis situations.
Last week, the Five Eyes intelligence alliance—that’s the U.S., Canada, Australia, New Zealand, and the U.K.—jointly warned that Volt Typhoon had been doing its thing for at least five years. And it’s not just positioning itself to disrupt communications, but preparing for “disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” Communications, energy, transportation, water, and waste treatment systems have all been compromised.
The FBI said several days previously that it had managed to disrupt a Volt Typhoon botnet, but noted that this was only part of the hacking group’s operation, and didn’t say how much disruption they’d caused.
{snip}
Then, on Tuesday this week, the industrial cybersecurity firm Dragos released a report about the group it calls Voltzite, which it says “shares overlaps” with Volt Typhoon (different research teams like to come up with their own names for what are essentially the same hacking operations, amorphous as those groups can be). It backed up earlier findings such as the group’s targeting of sites in the U.S. territory of Guam—notable for its importance to both the U.S. military and U.S.-Asian telecommunications links.
But Dragos also said that it had last month found evidence of Voltzite compromising an unspecified large U.S. city’s emergency services network, apparently to steal geographical information (it didn’t manage to get into the organization’s operational network). Dragos also spotted Voltzite targeting African electric transmission and distribution providers last August.
{snip}
“The concern is the targets they pick across telecommunications, and electric power generation and distribution—these are very strategic targets. It’s not a spray and pray,” Dragos CEO Robert Lee told reporters, according to The Register. “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,” Wray told lawmakers.
* Original Article:
https://fortune.com/2024/02/15/volt-typhoon-voltzite-china-hackers-us-critical-infrastructure/amp/