A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
U.S. cyber officials said they have discovered China-sponsored hackers lurking in critical American computer networks for several years, positioning themselves to disrupt communications, energy, transportation and water systems.
The new joint warning about China’s Volt Typhoon cyberattackers from the FBI, National Security Agency and the Cybersecurity Infrastructure and Security Agency comes as a result of their work responding to breaches of U.S. systems.
Coordinating with allies across the globe, the U.S. notice Wednesday was cosigned by cybersecurity officials in Britain, Canada, Australia and New Zealand.
“The U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” CISA said in a cybersecurity advisory on Wednesday.
The Volt Typhoon cyberattackers infiltrated the computer systems of multiple organizations in such critical infrastructure sectors as communications, energy, transportation and water within the continental U.S. as well as American territories such as Guam, according to U.S. officials.
The advisory said that hackers conduct “extensive pre-exploitation reconnaissance” to learn about their targets and continue to do so after getting inside a victim’s network.
After gaining access to the IT environments that manage businesses, the cyberattackers lie low and look for ways to move laterally into operational technology systems that run the targets’ functions, such as managing water flow.
“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions,” the CISA advisory said.
In Ottawa, Canada’s cyber officials assessed their country’s systems faced a lower threat than the U.S. but said if the U.S. gets hit, Canada will likely feel the effects as well.
Australia and New Zealand’s officials said their critical infrastructure systems appeared vulnerable too.
The leaders of the FBI, NSA, and CISA testified before the House Select Committee on the Chinese Communist Party last week about the latest dangers posed by the Volt Typhoon hackers.
FBI Director Christopher A. Wray said at the hearing that federal officials conducted an operation against Volt Typhoon, which the Justice Department said last week disrupted China’s efforts to breach critical systems that could be used as leverage in a future crisis.
Please read our comment policy before commenting.