February 7, 2024 China-backed hacking group Volt Typhoon has been identified as having “persistent” access to various sectors of U.S. critical infrastructure for “at least five years,” marking a concerning escalation in cyber threats. Targeting essential services such as water, transportation, energy, and communications, the hackers have exploited vulnerabilities in routers, firewalls, and VPNs. Utilizing stolen administrator credentials, Volt Typhoon’s operations pose a significant risk of disruption to critical systems.

The U.S. Cybersecurity and Infrastructure Security Agency, along with the National Security Agency and the Federal Bureau of Investigation, issued an advisory highlighting the need for critical infrastructure operators to fortify their cybersecurity measures. Volt Typhoon’s tactics include “living off the land” techniques, which complicate detection efforts by using the network’s own tools and processes against it.

This advisory comes amid growing concerns that China might leverage such cyber intrusions in strategies related to geopolitical tensions, notably the situation with Taiwan. Collaborative efforts from intelligence agencies in Canada, Australia, and New Zealand have also been noted, indicating a broader concern for global critical infrastructure security.

U.S. officials are urging operators to implement security best practices, such as applying software updates, enabling multi-factor authentication, and maintaining activity logs to monitor suspicious behavior. This situation underscores the vulnerabilities in U.S. critical infrastructure and the imperative for comprehensive cybersecurity defenses.

Sources include: Axios