A country’s critical infrastructure is fundamental to the smooth functioning of the nation and by its very nature is sensitive for a variety of reasons. If some wrongdoing remains undetected for long, even with the best controls in place, it does not augur well, at least for the critical infrastructure concerned. It may also embolden other such bad actors. In this hyper-connected world, hackers rule the roost, and there are umpteen varieties of them, by their origin, their purpose and the nature of the tools and expertise at their command. A recent headline says Chinese hackers operated undetected in US critical infrastructure for half a decade.

Chinese hackers have been known to be audacious and have been termed state-sponsored quite a few times. In February 2024 the US government accepted that Volt Typhoon, a Chinese state-sponsored hacking group, “had been embedded into some critical infrastructure” for at least five years. The crazy part is the scale of this operation. The targets are said to include communications, energy, transportation, and water and wastewater systems in the US and Guam. It has been found that the targets and the behaviour do not align with the goals of cyber espionage.

As per the agencies’ current assessment, “Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions.” The idea is to stay present persistently and keep building an understanding of the target environment over long periods of time. The aim is to be ready for a disruptive or destructive cyber attack on US critical infrastructure in case of a major crisis or conflict with the country. The approach looks much closer to military strategy than to espionage, ransom, data theft or any other state-related motive.

A joint advisory has been released by CISA, the NSA and the FBI, backed by the other nations of the Five Eyes intelligence alliance. Volt Typhoon is also known as Bronze Silhouette, Insidious Taurus, UNC3236, Vanguard Panda and other names. It is a China-based cyber espionage group believed to have been active since June 2021. Its ‘living off the land’ tradecraft blends malicious activity with legitimate system and network behaviour, making it difficult to differentiate even for organisations with mature security postures. They are masters of stealth, as shown by their hallmark tactic of using multi-hop proxies such as the KV-botnet to route malicious traffic through a network of compromised routers and firewalls.

