Chinese Hackers Operated Undetected In Critical US Networks

Uploaded on 2024-02-13 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, TECHNOLOGY--Hackers

Over 100 websites disguised as local news outlets in Europe, Asia and Latin America are promoting pro-China propaganda in a widespread influence campaign linked to a Chinese public relations firm, according to the Toronto University cyber research institute, Citizen Lab.

The propaganda material appears spread over websites in 30 countries, and interspersed with news aggregated material from local news outlets and Chinese state media, according to a recent  research report from Citizen Labs' Alberto Fittarelli

The US government has also said recently that the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded in some critical US infrastructure networks for at least five years. Targets of these hacks include communications, energy, transportation, and water and wastewater systems sectors in the US with the goal of unleashing chaos if China were ever to confront the US during a major crisis or conflict. "Volt Typhoon's choice of targets and pattern of behaviour is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the US government has said. 

The objective to pre-position themselves on IT networks by maintaining persistence and understanding the target environment over time for disruptive or destructive cyber attacks against US critical infrastructure in the event of a major crisis or conflict.

The joint advisory, which was released by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), was also backed by other nations that are part of the Five Eyes (FVEY) intelligence alliance comprising Australia, Canada, New Zealand, the UK.

Volt Typhoon, which is also called Bronze Silhouette, Insidious Taurus, UNC3236, Vanguard Panda, or Voltzite, a stealthy China-based cyber espionage group that's believed to be active since June 2021.

This situation became clear in May 2023 when FVEY and Microsoft said that the hacking crew managed to establish a persistent foothold into critical infrastructure organisations in the US and Guam for extended periods of time sans getting detected by principally leveraging living-off-the-land techniques. "This kind of tradecraft, known as 'living off the land,' allows attackers to operate discreetly, with malicious activity blending in with legitimate system and network behaviour making it difficult to differentiate, even by organisations with more mature security postures," the UK National Cyber Security Centre (NCSC) said.

The ultimate goal of the campaign is to retain access to the compromised environments, "methodically" re-targeting them over years to validate and expand their unauthorised accesses. This meticulous approach, per the agencies, is evidenced in cases where they have repeatedly exfiltrated domain credentials to ensure access to current and valid accounts. "In addition to leveraging stolen account credentials, the actors use LOTL (Living Off The Land) techniques and avoid leaving malware artifacts on systems that would cause alerts," CISA, FBI, and NSA said.

"Their strong focus on stealth and operational security allows them to maintain long-term, undiscovered persistence. Further, Volt Typhoon's operational security is enhanced by targeted log deletion to conceal their actions within the compromised environment." according to the joint statement. 

In response to enquiries, a spokesman at China's US embassy in Washington commented "it is a typical bias and double standard to allege that the pro-China contents and reports are 'disinformation."

Citizen Lab:     CISA:     CISA:    NCSC:     Crowdstrike:     Reuters:     Hacker News:    ABC:   PCMag

Image: Curtis Polvin

You Might Also Read: 

Chinese Hacking Campaign Targets US Critical Infrastructure:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« DDoS Attacks In Poland Have Spiked As New Government Takes Office
The US Makes Robocalls Illegal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Early Warning Services

Early Warning Services

Early Warning Services identity, authentication and payment solutions empower financial institutions to make confident decisions, enable payments and mitigate fraud.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

IoT Defense

IoT Defense

IoT Defense (IOTD) is a cybersecurity and networking company building solutions that enable the protection of networks and the ever-increasing prevalence of IoT devices.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Cytelligence

Cytelligence

Cytelligence is a cyber security consulting company with deep expertise in Cyber Breach Response, Cyber Breach Investigations, and Digital Forensics.

Abacode

Abacode

Abacode is a Managed Security Services Provider (MSSP). We help businesses consolidate all of their Regulatory Compliance & Cybersecurity needs, under one roof.

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

Perch Security

Perch Security

Perch is a co-managed threat detection and response platform backed by an in-house Security Operations Center (SOC).

NetApp Excellerator

NetApp Excellerator

NetApp Excellerator is NetApp’s global start-up program that aims to fuel innovation by partnering with deep-tech start-ups.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.