In a joint initiative, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a cybersecurity advisory in early February, prompting a review of several concerns brought to their attention. The advisory draws on the observations of the U.S. agencies responsible for responding to incidents that have affected critical-infrastructure organizations.
The alert expresses concern over Volt Typhoon, a state-sponsored cyber group known for pre-positioning itself to carry out potentially damaging cyberattacks on critical U.S. infrastructure in the event of a major crisis or conflict with the United States.
Volt Typhoon appears to have compromised the IT environments of numerous critical infrastructure organizations. These include the U.S. Department of Energy, the U.S. Environmental Protection Agency, and the U.S. Transportation Security Administration, as well as several governmental cybersecurity agencies from Australia, Canada, the U.K., and New Zealand. The intrusions have raised alarm in the communications, energy, transportation, and water and wastewater sectors, in both the continental United States and its non-continental territories, including Guam.
Yet this threat is not exclusive to U.S. interests. The review finds a lower direct threat to Canada's critical infrastructure, but notes that, because of cross-border integration, impairment of U.S. critical facilities could have consequences for Canada as well. Australia and New Zealand are likewise not insulated from the risk, as their critical infrastructures are also vulnerable.
According to the warning, Volt Typhoon relies on valid accounts and strong operational security, which allows the group to maintain undetected persistence over long periods. Alarmingly, the advisory notes that in some cases Volt Typhoon actors have retained access to compromised IT environments for extended periods, occasionally lasting several years.
To guard against such outcomes, the alert recommends that critical-infrastructure organizations implement the mitigations and routinely hunt for malicious activity. Any malicious activity that is detected should be reported to the appropriate agency immediately.