
US diplomats have called on China to halt the Volt Typhoon campaign, which intelligence officials say is becoming more and more advanced.

SAN FRANCISCO — The U.S. operation that wiped out a group of compromised Internet equipment used by Chinese hackers to stage breaches of U.S. critical infrastructure was just the beginning of what has become a fast-evolving cyber challenge for the intelligence community.

FBI Director Christopher Wray announced the court-authorized takedown during a high-profile hearing in January, telling lawmakers that his cyber agents had disabled the KV botnet, a network of chained-together equipment, including cameras and routers, which had been compromised and used to form a data transfer network for the group – known as Volt Typhoon – to covertly penetrate critical infrastructure in preparation for what officials publicly say would be a military conflict between the United States and Beijing.

Its operations were slowed considerably, but the KV botnet was just one of many transit points. Volt Typhoon, believed to be working on behalf of Chinese state authorities, now uses multiple covert networks, making it seemingly impossible to stop the group completely in its tracks, officials told reporters at the RSA conference in San Francisco.

The news follows a diplomatic trip to China two weeks ago, during which State Department Ambassador for Cyberspace and Digital Policy Nathaniel Fick and Secretary of State Anthony Blinken told Chinese officials in Shanghai and Beijing that Volt Typhoon activity had reached a boiling point, Fick told reporters at a separate press briefing at the conference.

The critical infrastructure breach “contravenes the spirit of the framework,” Fick said, referring to a recently unveiled draft global cyberspace and digital policy focused on “digital solidarity” among partners in the global Internet ecosystem.

“Secretary Blinken has been very clear that it is dangerous to endanger America’s critical infrastructure – especially civilian critical infrastructure. It’s scalable. This is unacceptable,” he said.

Domestically, completely stopping Volt Typhoon presents a new challenge. The hacker collective first attracted the attention of national security officials and researchers around 2021, when analysts spotted its unusual behavior in cyberspace.

“In 2021, we knew we were likely seeing activity from China that represented a different type of threat and intent,” said Morgan Adamski, head of the NSA’s Cybersecurity Collaboration Center and incoming director of operations at CYBERCOM. The group burrowed into infrastructure environments that had no immediate intelligence value, a departure from historic Chinese cyberespionage.

“Stopping them is now specific to an individual. We could stop them in a network and we could strengthen the network and prevent them from returning to it. But they’ll just find another target to go after who hasn’t taken the same precautions,” she added.

Volt Typhoon hackers used “living off the land” techniques, which let them hide inside systems by abusing legitimate built-in tools and evade detection, according to US reports, which note that they breached US facilities in Guam and other vital infrastructure at U.S. installations inside and outside the country.

The clandestine activity involves tradecraft that is difficult to uncover because the group relies on stolen administrator credentials, which let its actions blend in with legitimate administration rather than standing out as exploits.

Targeted victims will need to take steps to better manage account credentials, such as changing the default passwords that ship with bundled software and are used to log in during initial setup.

“I don’t think anyone here would say we did one operation and eradicated everything. That’s not how it works,” said Cynthia Kaiser, deputy chief of the FBI’s cyber division. Going forward, takedown operations like the one against the KV botnet will buy time while the hackers seek refuge in other exploitable domains, and the goal is to “frustrate, delay and prevent them” from reaching other American networks, she added.

At this point, officials are unable to give a measurable figure for the extent of Volt Typhoon’s spread. The number of compromised victims is too difficult to measure because the group is constantly seeking new targets, Adamski said.

A leading cybersecurity CEO recently told Nextgov/FCW that the hacking campaign is so robust and widespread that it will hit victims who will not know they are affected.

“The only people who know… are the PRC,” said Andrew Scott, associate director of CISA’s China operations. “They know what they’re targeting, they know where they’re targeting. So our job is to clarify this as much as possible.”