Read at The Register
The US government has officially confirmed that China's Volt Typhoon has successfully compromised multiple critical infrastructure organizations' IT networks and is now preparing to launch disruptive or destructive cyberattacks on these targets. The group has primarily targeted sectors such as communications, energy, transportation systems, and water and wastewater systems across the continental United States and its territories. The 12 government agencies involved in the warning assessed with high confidence that Volt Typhoon's behavior and choice of targets indicate they are preparing to disrupt functions rather than engage in traditional cyber espionage.
"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the 12 government agencies warned.
The agencies involved in the warning include the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Energy (DOE), the Environmental Protection Agency (EPA), and the Transportation Security Administration (TSA), along with international partners from Australia, Canada, the United Kingdom, and New Zealand. It is believed that Volt Typhoon may use the compromised network access to launch disruptive attacks in the event of geopolitical tensions or military conflicts.
This follows last week's similar warning from FBI Director Christopher Wray that Chinese attackers are preparing to "wreak havoc" on American infrastructure, and the Justice Department's disclosure that Volt Typhoon infected "hundreds" of outdated Cisco and Netgear devices with malware in an attempt to break into US critical infrastructure.