We want to make sure you get the best viewing experience for the content you are viewing.  Our goal is to improve each visit with data that creates this experience for you and those you share it with. We appreciate your continued readership.     

China had “persistent” access to U.S. critical infrastructure

China-backed hackers have had access to some major U.S. critical infrastructure for “at least five years,” according to an intelligence advisory released Wednesday.

Why it matters: The hacking campaign laid out in the report marks a sharp escalation in China’s willingness to seize U.S. infrastructure — going beyond the typical effort to steal state secrets.

  • The advisory provides the fullest picture to-date of how a key China hacking group has gained and maintained access to some U.S. critical infrastructure.

Details: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation released an advisory Wednesday to warn critical infrastructure operators about China’s ongoing hacking interests.

  • According to the advisory, China-backed hacking group Volt Typhoon has been exploiting vulnerabilities in routers, firewalls and VPNs to target water, transportation, energy and communications systems across the country.
  • The group has relied heavily on stolen administrator credentials to maintain access to the systems — and in some cases it has maintained access for “at least five years,” per the advisory.
  • Volt Typhoon has been seen controlling some victims’ surveillance camera systems, and its access could have allowed the group to disrupt critical energy and water controls.

Of note: Volt Typhoon uses so-called “living off the land” techniques that limit any trace of their activities on a network — making the actors more difficult to detect.

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts