Chinese Volt Typhoon hackers were able to infiltrate US critical infrastructure systems for years


A major Chinese state-sponsored threat actor was lurking on the networks of critical US infrastructure firms for years, a newly released advisory has claimed.

The advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, the FBI, and Five Eyes partner agencies, claims the group, known as Volt Typhoon, compromised the networks of multiple critical infrastructure organizations in the country and then dwelled on them for at least five years.

They were able to do that by living off the land (LOTL) and using stolen accounts, the agencies said.

Positioning for action

"In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years," the statement said.

Another hallmark of Volt Typhoon’s approach to cyber-espionage is “extensive pre-exploitation reconnaissance”, which helps the threat actor learn a great deal about the target organizations and their environments. With this knowledge, the group tailors its tactics, techniques and procedures (TTPs) and allocates the appropriate resources to the campaign.

Of all the compromised organizations, most are in communications, energy, transportation, and water/wastewater industries. 

The goal of this campaign wasn’t just to monitor activity and steal sensitive information - the group was also positioning itself for disruptive action, if need be. According to the advisory, should the conflict between the US and China escalate, the group would be properly positioned to disrupt its adversary’s critical infrastructure.

"This is something we have been addressing for a long time," Rob Joyce, NSA's Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS) told BleepingComputer.

"We have gotten better at all aspects of this, from understanding Volt Typhoon's scope, to identifying the compromises likely to impact critical infrastructure systems, to hardening targets against these intrusions, to working together with partner agencies to combat PRC cyber actors."

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
