Volt Typhoon Threat: Feds Urge Defense of Critical Systems
U.S. authorities have expressed concerns regarding the actions of the Chinese hacking group Volt Typhoon, warning owners and operators of critical infrastructure about the necessity of defending against potential devastating cyber attacks.
A new alert issued by CISA, NSA, FBI, and eight other international partners is aimed at guiding senior executives who lack technical knowledge.
The warning advises organizations to employ intelligence-based prioritization tools, such as targets of the Cross-Sector Cybersecurity Performance Goals (CPGs) or recommendations from the Sector Risk Management Agency (SRMA).
Furthermore, it emphasizes the importance of adhering to best practices in cybersecurity, including enabling logging for all applications and systems and centralized log storage. This mechanism will assist security teams in detecting tactics known as living off the land (LotL), which involve the use of legitimate administrative tools and software to camouflage activities and evade detection by security measures.
Additionally, organizations are encouraged to develop an incident response plan and regularly conduct training exercises to ensure every employee knows their role and actions to take in the event of an attack.
The significance of securing the supply chain and having risk management processes in place with suppliers is also highlighted, including strict adherence to security standards and managing issues related to Foreign Ownership, Control, or Influence (FOCI), taking into account, for instance, the Entity List.
This alert is not the first issue concerning the Volt Typhoon group. In February, U.S. authorities reported that the Volt Typhoon had been present within some networks of the country’s critical infrastructure for no less than five years. The hackers’ activities did not align with the traditional objectives of cyber espionage and data collection. With high confidence, it can be stated that the Volt Typhoon was laying the groundwork for potential sabotage.
