UK SECURITY AGENCY WARNS OF CHINESE HACKING GROUP ATTACKING UK INFRASTRUCTURE
Various UK cybersecurity agencies have warned critical infrastructure leaders to protect their systems against the ‘Chinese Volt Typhoon’ hacking group.
The sectors they target are aviation, water, energy, transportation, naval ports, internet service providers, communications services and utilities. They gain access by exploiting vulnerabilities in small and end-of-life routers, firewalls and virtual private networks (VPNs), often using administrator credentials and stolen passwords, or by taking advantage of outmoded technology that has not received regular security updates.
How Volt Typhoon works: it uses “living off the land” techniques, whereby the intrusion relies only on resources already present in the target’s operating system, rather than introducing a new (and more discoverable) file. The hackers also conducted “extensive pre-compromise reconnaissance” in a bid to avoid detection. For example, in some instances, Volt Typhoon actors may have abstained from using compromised credentials outside of normal working hours to avoid triggering security alerts on abnormal account activities.
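Because the actors described above kept their credential use inside normal working hours, a time-of-day anomaly rule alone would not fire. The following added example (not from the article or any agency guidance) shows a complementary check a defender can run over authentication logs: build a baseline of which source devices each administrator account has previously logged in from, then alert on any successful admin login from a source that is new for that account, regardless of the hour. The log lines, account names and device names are constructed for the example.

```python
"""Added example (not from the article): flag administrator logins that come
from a source device never seen before for that account, regardless of the hour.

The article notes that Volt Typhoon actors stayed inside normal working hours
to avoid time-of-day alerts, so this check keys on a new (account, source)
pairing instead.  All log lines, accounts and device names below are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines: "<ISO timestamp> <account> <source_device> <result>"
SAMPLE_LOGS = [
    "2024-03-04T09:12:00 admin vpn-gw-01 success",
    "2024-03-04T10:05:00 admin vpn-gw-01 success",
    "2024-03-05T11:30:00 admin fw-edge-02 success",
    "2024-03-06T14:02:00 admin vpn-gw-01 success",
    "2024-03-07T10:45:00 admin rtr-eol-07 success",       # new source, working hours
    "2024-03-07T11:10:00 svc_backup rtr-eol-07 success",  # non-admin account, ignored
    "2024-03-07T13:15:00 admin fw-edge-02 failure",       # failed login, ignored
]

# Accounts treated as administrative (constructed for the example)
ADMIN_ACCOUNTS = {"admin"}


def parse(line):
    """Split one log line into (timestamp, account, source, result)."""
    ts, account, source, result = line.split()
    return datetime.fromisoformat(ts), account, source, result


def build_baseline(lines, cutoff):
    """Record which sources each account successfully logged in from before cutoff.

    cutoff is an ISO-8601 string; logins at or after it are not part of the baseline.
    """
    cutoff_ts = datetime.fromisoformat(cutoff)
    seen = defaultdict(set)
    for line in lines:
        ts, account, source, result = parse(line)
        if ts < cutoff_ts and result == "success":
            seen[account].add(source)
    return seen


def new_source_admin_logins(lines, cutoff):
    """Return successful admin logins at/after cutoff from a source absent from the baseline.

    Logins during working hours are deliberately NOT exempted: the signal is the
    new account/source pairing, not the time of day.
    """
    cutoff_ts = datetime.fromisoformat(cutoff)
    baseline = build_baseline(lines, cutoff)
    alerts = []
    for line in lines:
        ts, account, source, result = parse(line)
        if ts < cutoff_ts or result != "success" or account not in ADMIN_ACCOUNTS:
            continue
        if source not in baseline[account]:
            alerts.append((ts.isoformat(), account, source))
            baseline[account].add(source)  # alert once per new pairing
    return alerts


if __name__ == "__main__":
    for alert in new_source_admin_logins(SAMPLE_LOGS, "2024-03-07"):
        print("ALERT: admin login from new source:", alert)
```

In practice the baseline window should be long enough to cover every device an administrator legitimately manages, and the source field should be whatever your VPN, firewall or router logs actually record (device name, management IP, or both); an alert on an end-of-life edge device that has never before authenticated an admin account is exactly the kind of event the advisory above is warning about.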
Critical infrastructure leaders are urged to follow guidance – information can be found on our CITS cyber security advice page – on specific actions to prioritize the protection of their organization from this threat.
Volt Typhoon (also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite, and Insidious Taurus) is a state-supported Chinese cyber group that has compromised, and continues to compromise, western critical infrastructure in a bid to pre-position itself for destructive cyberattacks.
