China prepares large-scale invasion of critical US infrastructure

Teacher

For more than 10 months, spies have been in the target networks of the United States.

The Chinese spy group Volt Typhoon penetrated the network of emergency services of a major American city in order to spy on American telecommunications. This is reported by the Dragos information security company in its report.

Since the beginning of 2023, the group has also been scouting and listing data from several U.S. electric utilities, and recently spies have focused their attention on emergency management services, including telecommunications and satellite services.

Dragos emphasized the strategic importance of the selected targets, pointing out their importance to the national infrastructure of the United States. Such facilities are of strategic value to an adversary seeking to damage or paralyze U.S. infrastructure.

In addition to breaking into digital systems in the United States, Chinese spies have also targeted electricity transmission and distribution organizations in Africa, a continent of great interest to China.

In one case, when the Volt Typhoon group infiltrated the IT network of an American electric power company, the spies managed to remain undetected for more than 300 days. They actively tried to gain access to the operational technology (OT) network and took every possible step to penetrate the electricity management networks.

Although they did not gain direct access to the OT network, the intruders were able to steal data from geographic information systems that could be useful for future destabilizing attacks.

Compromised devices and software included Fortinet FortiGuard, PRTG Network Monitor, ManageEngine ADSelfService Plus, FatPipe WARP, Ivanti Connect Secure VPN, and Cisco ASA. After gaining access to the victims' IT networks, usually through vulnerable routers or VPN gateways, the attackers used Living off the Land (LotL) techniques and stolen credentials to move around the network.

It is worth noting that already in early February, US federal agencies warned that Volt Typhoon had been present in some of the country's critical infrastructure networks for at least 5 years. The attackers targeted communications, energy, transportation, and water and sewer systems in the United States and Guam. The hackers' activities did not match the traditional goals of cyber espionage and data collection. The agencies assess with a high degree of confidence that Volt Typhoon was preparing the ground for possible sabotage.

In addition, according to CrowdStrike, Volt Typhoon hackers conduct extensive preliminary reconnaissance to study the target organization and its environment. They then adapt their tools and techniques to the victim's specific infrastructure and devote significant resources to maintaining a covert presence. The group focuses on only a narrow range of targets, but carefully prepares and conducts its attacks. This methodical approach is confirmed by numerous cases of repeated intrusions into the same organizations in order to expand unauthorized access.