Related Articles
The China-based hacking group, known as Volt Typhoon, has spied on US critical infrastructure, Microsoft announced.
Volt Typhoon has been operative since 2021, when it targeted a US air base in Guam, raising alarms over the hacker group’s efforts to block a US military response in the event of a Chinese invasion of Taiwan.
Microsoft believes with ‘moderate confidence’ that the Volt Typhoon campaign aims at disrupting ‘critical communications infrastructure between the US and Asia region during future crises’, according to Microsoft’s blog post.
Volt Typhoon’s campaign typically targets organisations from the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The techniques it deploys involves conducting espionage and maintaining access while remaining undetected for as long as possible.
Marc Burnard, senior consultant at Secureworks, told Verdict that Volt Typhoon, also known as BRONZE SILHOUETTE, acts differently to many China-based cyber-threat groups. Secureworks’ Counter Threat Unit researchers have been watching the hack group’s behavior closely.
Burnard explained that the group does not appear to be targeting businesses for intellectual property theft purposes. In fact, Burnard said, ‘it focuses on operational security by using native Windows tools and stolen credentials in their intrusions in an attempt to remain undetected for as long as possible within a compromised network’.
David Bicknell, principal analyst for thematic intelligence at GlobalData, told Verdict that the two major UK breaches this year demonstrate the need for management and understanding of the initial impact on targeted companies and their partners, their operations, the regulatory fallout, and any reputational damage.
“Royal Mail was hit by an attack on the 10th of January and it took until late February for all services to be fully restored. So instead of focusing attention on the year’s business priorities, Royal Mail management’s attention had to be in recovery mode. The outsourcing company Capita was hit by a data breach in March, and has since found regulators asking questions to ascertain what hackers may have accessed. Once an attack has occurred, the fallout begins, and it doesn’t dissipate too quickly,” Bicknell said.
Mike Orme, GlobalData’s consultant analyst, told Verdict: “As the cyber ‘attack Zone’ keeps on broadening and deepening and the level of government and corporate cyber security hygiene remains low, the hackers and spies whether from China, the US, North Korea, Iran, Nigeria, or Russia or in the form of gifted teenagers operating from their bedrooms remain ahead of the game.”
Orme said that the best defence against cyberattacks is rudimentary: “Raise those hygiene levels. For example, make sure all staff and supplier passwords are changed frequently and different use passwords for different accounts and make sure that all parties’ software is updated. Also run regular, mandatory attendance briefings for all staff and suppliers on cyber-security with examples of new threats,” Orme said.
Burnard advised that businesses should ensure that they have visibility across their network including host telemetry, such as process creation, and robust countermeasures to detect malicious activity. “While BRONZE SILHOUETTE aims for stealth such as their use of native Windows tools, it should be possible in many cases to differentiate the threat groups use of native Windows tools and legitimate use of the same tools by a network administrator,” said Burnard.
Liam Follin, team leader & consultant at Pentest People, told Verdict that the discovery of the hacking operation reminds businesses to take cybersecurity seriously. ‘It doesn’t matter if it’s a nation state sponsored actor, or a ransomware gang looking to make a buck, the results are much the same: businesses lose. They lose money, or they lose reputation, or patents, or any of the myriad other ways a hacker or hackers can cause damage to a business,’ said Follin.
