The Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory (CSA) on February 7, 2024 to warn critical infrastructure organizations that Chinese state-sponsored cyber groups, most notably Volt Typhoon, are pre-positioning for disruptive cyber attacks. These groups have compromised the IT environments of multiple organizations in the communications, energy, transportation, and water and wastewater sectors. Their behavior on these networks is consistent with preparation for an attack on operational technology (OT) assets rather than routine espionage. An attack of this nature could disrupt the machines, sensors, and control systems needed to keep U.S. critical infrastructure running.
Several recommendations have been issued for organizations affected by Volt Typhoon and similar state-sponsored cyber groups. A key first step is to identify known vulnerabilities and patch affected products, prioritizing internet-facing edge devices: Fortinet, Ivanti, NETGEAR, Citrix, and Cisco devices are among the products these actors have exploited for initial access in the past. Organizations should also implement multi-factor authentication (phishing-resistant where possible) for all accounts and provide cyber security training for users (Arctic Wolf). Finally, because these actors rely on built-in administrative tools rather than malware, organizations should maintain centralized logs with enough retention to spot that activity after the fact, and prepare in advance for the technology changes and updates that remediation will require (CISA).
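The logging recommendation above only pays off if someone actually reviews the logs for the kind of built-in-tool activity the joint advisory in Related Resources (AA23-144a) attributes to Volt Typhoon: portproxy relays, ntds.dit exports, WMIC reconnaissance, and the like. The following is an added example, not code from CISA or from the page, that scans a handful of constructed command-line log records for such patterns and flags hosts where several distinct techniques stack up. The log format, regexes, technique names and sample lines are all this example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Command patterns of the kind the joint advisory AA23-144a attributes to
# Volt Typhoon's living-off-the-land tradecraft. The regexes and technique
# names are this example's own assumptions, not an official signature set.
LOTL_PATTERNS = {
    "portproxy_relay": re.compile(r"\bnetsh\b.*\binterface\s+portproxy\s+add\b", re.I),
    "ntds_dump": re.compile(r"\bntdsutil\b.*\bifm\b", re.I),
    "wmic_recon": re.compile(r"\bwmic\b.*(logicaldisk|process\s+call\s+create)", re.I),
    "logon_log_export": re.compile(r"Get-EventLog\s+security\s+-instanceid\s+4624", re.I),
    "shadow_copy": re.compile(r"\bvssadmin\b.*\bcreate\s+shadow\b", re.I),
}

# Assumed log record layout: "<timestamp> host=<h> user=<u> cmd=<command line>".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    host: str
    user: str
    technique: str
    cmd: str


def scan_command_lines(lines):
    """Return one Finding per (log line, matching technique)."""
    findings = []
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # unparseable lines are skipped, not assumed clean
        for technique, pat in LOTL_PATTERNS.items():
            if pat.search(m["cmd"]):
                findings.append(Finding(m["ts"], m["host"], m["user"], technique, m["cmd"]))
    return findings


def hosts_to_triage(findings, min_techniques=2):
    """Hosts on which at least `min_techniques` distinct techniques appeared.
    Every command above is also legitimate admin work on its own, so the
    signal worth an analyst's time is the combination on one host."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f.host].add(f.technique)
    return {h: sorted(t) for h, t in by_host.items() if len(t) >= min_techniques}


# Constructed sample records (not real telemetry); backslashes are doubled
# only because this is a Python string literal.
SAMPLE_LOG = """\
2024-02-01T03:12:44Z host=DC-01 user=admin_jlee cmd=vssadmin create shadow /for=C:
2024-02-01T03:13:02Z host=DC-01 user=admin_jlee cmd=ntdsutil "ac i ntds" ifm "create full C:\\Windows\\Temp\\pro" q q
2024-02-01T03:20:17Z host=DC-01 user=admin_jlee cmd=powershell Get-EventLog security -instanceid 4624 -after 2024-01-01 | fl * | Out-File C:\\users\\public\\documents\\user.txt
2024-02-01T09:41:10Z host=FW-MGMT user=svc_net cmd=netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=8443 connectaddress=10.20.30.40
2024-02-01T10:05:55Z host=WS-07 user=bsmith cmd=wmic path win32_logicaldisk get caption,filesystem,freespace,size,volumename
2024-02-01T10:06:30Z host=WS-07 user=bsmith cmd=notepad.exe C:\\Users\\bsmith\\notes.txt
this line is not in the expected format
"""

if __name__ == "__main__":
    found = scan_command_lines(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.ts} {f.host} {f.user} {f.technique}: {f.cmd}")
    print("hosts to triage:", hosts_to_triage(found))
```

On the sample data the domain controller DC-01 is the only host that reaches the two-technique threshold (shadow copy, then an ntds.dit export, then an export of logon events), which is exactly the credential-theft sequence an analyst would want surfaced first; the lone portproxy and WMIC hits still appear in the raw findings for follow-up. In a real deployment the threshold and the time window over which techniques are counted would need tuning against how noisy the organization's own administrators are.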
Date of event: February 7, 2024
Impact:
- At least 30% of Cisco RV320/325 devices were compromised (SecurityScorecard)
- Volt Typhoon has also infiltrated networks in Australia, Canada, and the United Kingdom, and has previously caused disruptions among African nations (Barracuda)
- This pre-positioning creates the potential to cripple U.S. computer systems and could be weaponized in a time of conflict (Newsweek)
Related Resources:
- Joint Cybersecurity Advisory: People’s Republic of China State-Sponsored Cyber Actor Living Off the Land to Evade Detection [Version 1.1]
- Why Great Powers Launch Destructive Cyber Operations and What to Do About it
- Code War: How China’s AI Ambitions Threaten U.S. National Security
- Joint Guidance: Identifying and Mitigating Living Off the Land Techniques
HSDL Featured Topics: Cyber Crime and National Security | Cyber Infrastructure Protection | Ransomware
HSDL Search: Cyber Attacks | National Security | Intelligence Gathering