The U.S. cybersecurity watchdog, the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), has warned federal agencies about a possible cyber attack by the Chinese state-sponsored cyber group Volt Typhoon.
CISA warned that state-sponsored cyber actors are attempting to establish an early presence on IT networks, potentially for disruptive or destructive cyberattacks against critical infrastructure in the United States during significant crises or conflicts with the nation.
The Chinese cyber group has compromised the IT environments of multiple critical infrastructure organizations — primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors in the U.S. as well as in territories such as Guam, according to the advisory issued by CISA.
“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions,” it reads.
Last month, CISA issued an emergency directive instructing all federal agencies to safeguard against a critical vulnerability in a widely used software program. The software employed by agencies is known as Ivanti Connect Secure, which enables federal government employees to connect to work remotely.
A critical vulnerability in the program, initially identified by the cybersecurity company Volexity in December, poses a serious threat by providing hackers substantial access to businesses or government agencies using it, and allows for the establishment of additional back doors for future access.