The US military has been grappling with two major cyber concerns over the weekend. One of them is the ongoing Chinese campaign known as Volt Typhoon, which is targeting military bases. The other concern is an insider breach affecting Air Force and FBI communications.
According to officials from the Biden administration, the malware associated with Volt Typhoon has proven to be much more widespread than previously believed. Responders have discovered the malware inside numerous networks that control the communications, power, and water supply of US military bases both at home and abroad. The New York Times reported that this has raised concerns because these same networks are also connected to regular businesses and individuals, making it difficult to fully assess the extent of the infestation.
In addition, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a separate cyber intrusion. This breach involves a communications compromise that has affected 17 Air Force facilities and may have also impacted the FBI. The breach is believed to have been caused by an insider, specifically an Air Force engineer.
The Chinese state-aligned advanced persistent threat (APT) group behind Volt Typhoon, also known as “Vanguard Panda,” came to the attention of authorities after Microsoft noticed Chinese cyber activity in Guam, which is an important site for US military operations related to defending Taiwan against Chinese aggression. Microsoft speculated that the Volt Typhoon campaign is developing capabilities that could disrupt critical communications infrastructure between the US and Asia during future crises.
The initial intrusion discovered in Guam turned out to be a small part of a much larger campaign. The attackers behind Volt Typhoon appear to be pre-positioning so that they could disable military response and supply chains in the event of a conflict. Numerous US officials and industry experts have voiced concern about the campaign, with one congressman describing it as a “ticking time bomb.” Within the administration there is an ongoing debate about whether the operation's primary goal is to disrupt the military or to affect civilian life more broadly during a conflict.
Experts have noted that China has long sought to exploit various sectors for political, social, and economic advantage. Espionage has been the usual tactic for Chinese state actors; pre-positioning malware intended to disrupt or destroy critical systems is a new development. This has raised the question of whether China is preparing the ground for a retaliatory strike, and whether this kind of disruptive capability will become more common in future campaigns.
By contrast, the breach affecting Air Force and FBI communications was caused by an insider. The 48-year-old engineer at Arnold Air Force Base in Tennessee gained unauthorized access to the radio communications technologies used by the Air Education and Training Command (AETC), which is responsible for recruitment and training. During the investigation, authorities found that the engineer had taken $90,000 worth of radio equipment home.
The search warrant further revealed that the engineer’s computer contained the entire communications system of Arnold Air Force Base, along with evidence that he had accessed privileged communications of the FBI and of Tennessee state agencies. The case is a reminder that even organizations with stringent security measures, such as the FBI and the Air Force, are not immune to insider threats.
Together, the two cases illustrate the challenges the US military faces in defending against sophisticated attacks from external adversaries and from insiders alike. They underscore the need for sustained vigilance and stronger security measures around critical infrastructure and communications systems, and for a proactive approach that brings government agencies, military organizations, and private sector partners together to protect sensitive information and operations.
