HomeMalware & ThreatsCISA Warns of Chinese Hackers Preparing Destructive Attacks

CISA Warns of Chinese Hackers Preparing Destructive Attacks

Published on

spot_img

U.S. security agencies have cautioned operators of critical infrastructure to promptly apply patches for critical vulnerabilities that are frequently exploited by Chinese government hackers. This warning comes as a Chinese hacking group known as Volt Typhoon has managed to maintain access and footholds in some victim information technology environments for at least five years, all while eluding detection.

The Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory with the FBI and the National Security Agency, as well as international partners from the United Kingdom, Canada, Australia and New Zealand, detailing the persistent access that Volt Typhoon has gained to IT networks. According to Eric Goldstein, CISA’s executive assistant director, evidence “strongly suggests” that the Chinese hacking group is positioning itself on U.S. critical infrastructure networks to launch potentially destructive cyberattacks that would be detrimental to national security, economic security, and public health.

The report revealed that Chinese hackers have exfiltrated diagrams and documentation related to operational technology, including SCADA systems, relays, and switchgear, which are crucial for understanding and potentially impacting critical infrastructure systems. Additionally, Volt Typhoon actors have had the capability to access camera surveillance systems at critical infrastructure facilities.

The U.S. government and the Five Eyes intelligence-sharing alliance first publicly disclosed the existence of Volt Typhoon in May after detecting activity in Guam and the United States. The Chinese state hacking group has been active since mid-2021, and the report notes that their “strong operational security” has allowed them to penetrate networks without detection for years.

This revelation comes amid growing concerns about Chinese territorial ambitions for Taiwan and the South China Sea, with Chinese President Xi Jinping ordering the military to be capable of invading Taiwan by 2027. Cybersecurity experts have observed increased sophistication in Chinese state hackers, possibly due to a Beijing law that requires mandatory disclosure of vulnerability reports to the government.

The advisory emphasized that Volt Typhoon typically attacks victim environments through known or zero-day vulnerabilities and conducts extensive reconnaissance operations to learn about the organization’s staff, security practices, and overall network structure. Their goal is often to gain admin credentials and eventually achieve full domain compromise, enabling them to carry out meticulous post-exploitation intelligence collection operations and disrupt victim networks while evading detection.

FBI Director Christopher Wray testified that Chinese hackers were preparing “to wreak havoc and cause real-world harm to American citizens and communities” if Beijing launches an invasion against Taiwan. The FBI director told the House Select Committee on the Chinese Communist Party that U.S. officials had dismantled Volt Typhoon’s malware from “hundreds” of victims’ personal routers in homes and small businesses across the country.

The Chinese hackers have exploited vulnerabilities in popular commercial networking appliances from organizations such as Fortinet, Citrix, and Cisco, and have targeted and collected information on operational technology systems, which are the highly sensitive systems that run the physical processes at the heart of critical infrastructure.

In conclusion, the advisory warns that China’s targeting of critical infrastructure sectors in the U.S. reflects similar actions that foreign adversaries have taken against Ukraine throughout Russia’s deadly invasion. The revelation of Volt Typhoon’s forays into OT systems justifies concerns about their serious threat, highlighting the need for critical infrastructure operators to take immediate steps to secure their networks against potential exploitation by threat actors like Volt Typhoon.

Source link

Latest articles

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...

NPM Ecosystem Faces Two New Supply Chain Compromises

Malicious Code Discovered in npm Packages: A Growing Threat In a troubling development within the...

More like this

OkoBot Malware Exploits ClickFix and SeedHunter to Steal Seed Phrases from Ledger and Trezor Devices

A newly identified malware framework known as OkoBot has emerged, specifically targeting cryptocurrency users...

Why AI in Healthcare Requires Enhanced Data Oversight

Attorney Jordan Cohen of Akerman Addresses AI Challenges in Healthcare In a rapidly evolving landscape...

When 80,000 Fans Log On at Once: Unique Cybersecurity Issues of the 2026 World Cup

In light of the imminent 2026 World Cup, which will unfold across sixteen cities...