NSA and Allies Uncover Extensive Chinese Cyber Campaign Targeting U.S. Critical Infrastructure

In an unprecedented collaborative effort, the National Security Agency (NSA), along with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other federal entities, has unveiled a Cybersecurity Advisory (CSA) focused on the overt threats posed by the People’s Republic of China (PRC) to U.S. critical infrastructure sectors.

The advisory, titled “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure,” lays bare the operations of a PRC-backed cyber group, known as Volt Typhoon. This group has systematically infiltrated the information technology (IT) networks of vital U.S. sectors, including communications, energy, transportation, water, and wastewater management, extending to areas under U.S. jurisdiction.

Drawing upon deep-seated intelligence and analysis, the CSA reveals that Volt Typhoon has not merely breached these sectors but has established long-term footholds within them. Their presence, often undetected for extended periods, forms a prelude to potential high-scale, disruptive, or even destructive cyberattacks on operational technology (OT) systems amidst significant tensions or conflicts involving the United States.

“This is a challenge we have been contending with for an extended duration,” remarked Rob Joyce, the NSA’s Director of Cybersecurity. Joyce, who also serves as the Deputy National Manager for National Security Systems (NSS), emphasized the progress made in counteracting these threats. “Our insights into the PRC’s strategic preparations have spurred comprehensive actions within the cyber community, enhancing our capacity to identify, respond to, and mitigate the impacts of these intrusions.”

The advisory underscores that the selection of targets and the behavioral patterns exhibited by Volt Typhoon diverge significantly from conventional cyber espionage or intelligence collection efforts. The group’s ability to infiltrate and manipulate OT systems underscores a sinister potential to disrupt critical operational functions across a broad spectrum of U.S. infrastructure entities.

Accompanying the CSA is a detailed technical guide titled “Identifying and Mitigating Living Off the Land (LOTL).” This document sheds light on the sophisticated tactics employed by Volt Typhoon, particularly their use of LOTL techniques. Rather than deploying malware that a scanner could flag, the actors abuse legitimate administrative tools and protocols that are already present on the host, so their activity blends into routine operations; this lets them persist within networks while avoiding detection and enhances their capability for long-term espionage or sabotage.
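The practical consequence of LOTL is that a detection cannot key on the presence of a tool, because the tool is supposed to be there; it has to key on context, such as unusual arguments or an unexpected parent process. The following Python sketch is an added illustration of that idea and is not code from the NSA/CISA advisory or the LOTL guide. The binary watch-list, the argument patterns, the suspicious-parent list, the log line format and the sample log lines are all this example's own assumptions and constructed data, chosen only to show the shape of the logic.

```python
"""Added example: flag living-off-the-land style use of built-in Windows
tools in process-creation log lines. Everything below (tool names, argument
patterns, parent list, log format, sample lines) is an assumption made for
this illustration, not a list taken from the advisory or the LOTL guide."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed watch-list of built-in binaries. Their mere presence is normal, so a
# rule on the image name alone would flood an analyst with false positives.
LOTL_BINARIES = {"netsh.exe", "certutil.exe", "powershell.exe", "wmic.exe", "schtasks.exe"}

# Assumed argument patterns that make a routine tool worth a second look.
SUSPICIOUS_ARGS = {
    "netsh.exe": re.compile(r"\bportproxy\b", re.I),
    "certutil.exe": re.compile(r"-urlcache|-decode", re.I),
    "powershell.exe": re.compile(r"\s-e(nc(odedcommand)?)?\b|-w(indowstyle)?\s+hidden", re.I),
    "wmic.exe": re.compile(r"/node:", re.I),
    "schtasks.exe": re.compile(r"/create\b", re.I),
}

# Assumed parents that should not normally launch shells or admin utilities.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

# Assumed (constructed) log format: one process-creation event per line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>[^"]*)"$'
)


@dataclass
class Finding:
    host: str
    user: str
    image: str
    reasons: tuple


def parse_line(line: str) -> Optional[dict]:
    """Return the event fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(event: dict) -> Optional[Finding]:
    """Score one event on context (arguments, parent), never on image name alone."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent"].lower()
    reasons = []
    if image in LOTL_BINARIES:
        pattern = SUSPICIOUS_ARGS.get(image)
        if pattern and pattern.search(event["cmd"]):
            reasons.append(f"{image} invoked with suspicious arguments")
        if parent in SUSPICIOUS_PARENTS:
            reasons.append(f"{image} spawned by {parent}")
    if not reasons:
        return None
    return Finding(event["host"], event["user"], image, tuple(reasons))


def scan(log_text: str) -> List[Finding]:
    """Run every parsable line through evaluate() and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue  # unparsable line; a production pipeline would count these
        finding = evaluate(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: two benign tool uses, one benign editor launch, and
# two events that only look wrong because of their arguments or parent.
SAMPLE_LOG = r'''
2024-02-07T10:01:00Z host=ws01 user=alice parent=explorer.exe image=C:\Windows\System32\notepad.exe cmd="notepad.exe report.txt"
2024-02-07T10:02:13Z host=ws01 user=alice parent=cmd.exe image=C:\Windows\System32\netsh.exe cmd="netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=3389"
2024-02-07T10:04:02Z host=ws02 user=bob parent=explorer.exe image=C:\Windows\System32\certutil.exe cmd="certutil -verify cert.cer"
2024-02-07T10:05:30Z host=ws02 user=bob parent=winword.exe image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe cmd="powershell -nop -w hidden -enc SQBFAFgA"
2024-02-07T10:06:11Z host=ws03 user=carol parent=services.exe image=C:\Windows\System32\schtasks.exe cmd="schtasks /query /tn Backup"
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f.host, f.user, f.image, "; ".join(f.reasons))
```

Run as-is, the scan reports only the netsh and powershell events; the certutil and schtasks events, although they use the same watched binaries, pass because their arguments are routine. The design point is the one the LOTL guide's framing implies: the signal lives in command-line arguments, parent/child relationships, user and host context, and how rare a combination is in your own environment, so any such watch-list has to be baselined against normal administrative activity before it is useful.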

For those interested in delving deeper into the intricacies of these cyber threats and the strategies recommended to counter them, the full advisory and technical guide offer invaluable insights and practical guidance. They serve as critical resources for IT and cybersecurity professionals tasked with safeguarding the United States’ essential service sectors against these formidable adversaries.

Ensuring the resilience of U.S. critical infrastructure against such state-sponsored cyber threats necessitates a concerted, unified response from public and private sector stakeholders. As we navigate this complex cybersecurity landscape, the collaborative efforts exemplified by the NSA, CISA, FBI, and their partners will be instrumental in fortifying national security and protecting vital societal functions.

To read the full report and technical guide, and to learn more about protecting your systems against sophisticated state-sponsored cyber threats, please visit the dedicated advisory page (link is hypothetical and for illustrative purposes only).
