Why it matters: The hacking campaign laid out in the report marks a sharp escalation in China’s willingness to seize U.S. infrastructure — going beyond the typical effort to steal state secrets.

• The advisory provides the fullest picture to-date of how a key China hacking group has gained and maintained access to some U.S. critical infrastructure.

Details: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation released an advisory Wednesday to warn critical infrastructure operators about China’s ongoing hacking interests.

• According to the advisory, China-backed hacking group Volt Typhoon has been exploiting vulnerabilities in routers, firewalls and VPNs to target water, transportation, energy and communications systems across the country.
• The group has relied heavily on stolen administrator credentials to maintain access to the systems — and in some cases it has maintained access for “at least five years,” per the advisory.
• Volt Typhoon has been seen controlling some victims’ surveillance camera systems, and its access could have allowed the group to disrupt critical energy and water controls.

Of note: Volt Typhoon uses so-called “living off the land” techniques that limit any trace of their activities on a network — making the actors more difficult to detect.

READ MORE

China had “persistent” access to U.S. critical infrastructure was originally published on Global Security Review.