Priya PatelThe US government has confirmed that China’s Volt Typhoon cyberespionage group has gained access to multiple critical infrastructure organizations’ IT networks in the United States. The group has primarily targeted communications, energy, transportation systems, and water and wastewater system sectors. The US government warns that Volt Typhoon is preparing for disruptive or destructive cyberattacks on these targets. The government agencies that issued the warning include the US Cybersecurity and Infrastructure Security Agency, the US National Security Agency, and the FBI, among others. The agencies believe that Volt Typhoon actors are positioning themselves on IT networks to enable lateral movement to operational technology (OT) assets and disrupt critical functions.
The threat to American critical infrastructure is the highest, but Canada, Australia, and New Zealand could also be affected due to cross-border integration. In response to the threat, the government bodies have issued a list of technical details, observed tactics, techniques, and procedures (TTPs), and recommendations to detect and mitigate the threat posed by Volt Typhoon. They advise implementing patches for vulnerable systems, enabling phishing-resistant multi-factor authentication (MFA), and ensuring robust logging practices.
