Shillong, February 8: A coalition of top intelligence agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), has issued a warning about China-sponsored cyber actors gaining access to IT networks for potential destructive cyber attacks against critical infrastructure in the United States during a major crisis or conflict.
As per IANS, the joint statement, released on Wednesday, disclosed that the state-sponsored hacking group Volt Typhoon, supported by the People’s Republic of China (PRC), has infiltrated the IT environments of multiple critical infrastructure organizations over the past five years. These sectors primarily include communications, energy, transportation systems, water, and wastewater systems in the US and its territories.
The agencies express concern over the possibility of these cyber actors utilizing their network access for disruptive or destructive purposes in the event of geopolitical tensions or military conflicts.
Highlighting that Volt Typhoon’s choice of targets and its behavior deviate from traditional cyber espionage, the agencies call on critical infrastructure organizations to implement mitigations and actively search for similar malicious activities.
If any such activity is identified, the agencies strongly recommend that critical infrastructure entities apply the incident response measures outlined in the advisory and promptly report the incident to the relevant agency.
Last week, the FBI and the US Department of Justice announced the disruption of the “KV Botnet” operated by Volt Typhoon, which had compromised routers in small businesses and home offices in the US. The hacking group has been exploiting vulnerabilities in routers, firewalls, and VPNs to gain initial access to critical infrastructure.