Urgent call by Five Eyes for critical infrastructure leaders to take potential threats from China-linked entities seriously
In a recent development, the Five Eyes intelligence alliance has issued a warning about the urgent risk posed by a cyber threat group known as Volt Typhoon to critical infrastructure organizations. The group is believed to be operating under the auspices of the Chinese government, and their primary objective is to gain long-term, stealthy access to critical U.S. infrastructure.
The technique used by Volt Typhoon, known as living off the land, enables threat actors to evade detection. Unlike traditional cyberattacks that rely on malware, Volt Typhoon does not rely on external tools. Instead, they use built-in functions of a system to maintain access and conduct their activities.
The urgency regarding Volt Typhoon lies in its potential to disrupt critical infrastructure networks, particularly in the event of a conflict over Taiwan. The group has already embedded itself into numerous transportation, energy, communications, and water and wastewater systems, as detailed in a February warning from the Five Eyes.
Even where the group has previously failed to keep that persistent presence, the broader implication supports the urgent concern. Volt Typhoon represents a strategic cyber operation by China explicitly targeting U.S. critical infrastructure as part of a potential contingency for military conflict over Taiwan. The campaign is part of a larger pattern of Chinese cyber operations, underscoring the threat to national security and critical communications infrastructure.
The U.S. response, including legislative approval of the Intelligence Authorization Act, signals a turning point emphasizing proactive cybersecurity defenses against such state-sponsored threats.
To protect themselves against living off the land techniques used by Volt Typhoon, critical infrastructure organizations need a comprehensive and multifaceted approach. This includes continuous training and regular tabletop exercises, establishing strong vendor risk management processes, and following secure-by-design principles when selecting vendors.
Detecting and mitigating living off the land techniques requires consistent logging for access and security, and logs should be stored in a central system. The Five Eyes also advise organizations to follow CISA's cybersecurity performance goals and guidance from their respective sector-risk management agencies.
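Because living off the land leaves no foreign binary to signature, detection has to come from the centrally collected logs the Five Eyes recommend: baseline which built-in utilities each account normally runs on each host, then alert on deviations. The following is an added illustration, not code from the original warning or from any agency; the JSON-lines events, host names and account names are constructed samples, and the field names (host, user, image, parent) are assumptions about what a central log platform exports.

```python
"""Baseline-driven detection of living-off-the-land activity over centralized process logs."""
import json
from collections import defaultdict

SYSTEM_DIR = "c:\\windows\\system32\\"  # built-in utilities live here: the "living off the land" toolset

# Constructed sample data: process-creation events (JSON lines) as a central log store might export them.
BASELINE_JSONL = r"""
{"host":"srv1","user":"CORP\\backup","image":"C:\\Windows\\System32\\robocopy.exe","parent":"services.exe"}
{"host":"srv1","user":"CORP\\admin1","image":"C:\\Windows\\System32\\cmd.exe","parent":"explorer.exe"}
{"host":"srv2","user":"CORP\\admin1","image":"C:\\Windows\\System32\\cmd.exe","parent":"explorer.exe"}
{"host":"ws7","user":"CORP\\jdoe","image":"C:\\Program Files\\App\\app.exe","parent":"explorer.exe"}
"""
WINDOW_JSONL = r"""
{"host":"srv1","user":"CORP\\backup","image":"C:\\Windows\\System32\\robocopy.exe","parent":"services.exe"}
{"host":"srv1","user":"CORP\\backup","image":"C:\\Windows\\System32\\reg.exe","parent":"cmd.exe"}
{"host":"srv2","user":"CORP\\backup","image":"C:\\Windows\\System32\\reg.exe","parent":"cmd.exe"}
{"host":"ws7","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\cmd.exe","parent":"explorer.exe"}
{"host":"ws7","user":"CORP\\jdoe","image":"C:\\Program Files\\App\\app.exe","parent":"explorer.exe"}
"""

def parse_events(jsonl):
    """Decode one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]

def is_builtin(image):
    """True when the executable is an operating-system utility rather than installed software."""
    return image.lower().startswith(SYSTEM_DIR)

def build_baseline(events):
    """(host, user) -> set of built-in utilities observed during a trusted period."""
    seen = defaultdict(set)
    for e in events:
        if is_builtin(e["image"]):
            seen[(e["host"], e["user"])].add(e["image"].lower())
    return seen

def detect_lotl(events, baseline):
    """Alert on built-in utilities that are new for their (host, user) context; escalate when the
    same account starts using the same utility on several hosts, a sign of spread across the estate."""
    alerts = []
    for e in events:
        image = e["image"].lower()
        if is_builtin(image) and image not in baseline.get((e["host"], e["user"]), set()):
            alerts.append({"host": e["host"], "user": e["user"], "image": image,
                           "parent": e["parent"], "severity": "medium"})
    hosts_per_pair = defaultdict(set)
    for a in alerts:
        hosts_per_pair[(a["user"], a["image"])].add(a["host"])
    for a in alerts:
        if len(hosts_per_pair[(a["user"], a["image"])]) > 1:
            a["severity"] = "high"
    return alerts
```

In practice the baseline would be built from weeks of events and rebuilt on a schedule, since an account that slowly adds utilities to its "normal" set is exactly what a stealthy, long-term presence looks like.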
The warning coincides with an urgent request for U.S. governors to shore up water security. The White House and Environmental Protection Agency have called for governors to send health, environmental, and homeland security officials to a virtual meeting on Thursday.
The full extent of the Volt Typhoon campaign remains unknown, according to NSA Cyber Director Rob Joyce, who is retiring at the end of this month. However, the urgency in the warning indicates that the agencies involved consider this a serious, evolving threat requiring sustained vigilance and coordinated defense.
The warning was issued on Tuesday and was accompanied by a call for leaders to defend their systems against the China state-sponsored threat actor. The urgency in this matter cannot be overstated, as the potential for disruption to critical infrastructure networks could have far-reaching consequences.
- In light of the warning issued by the Five Eyes about Volt Typhoon, a cyber threat group suspected of operating under the Chinese government, effective risk management in cybersecurity, particularly for critical infrastructure organizations, has become crucial.
- The technique employed by Volt Typhoon, known as living off the land, presents a unique challenge in cybersecurity as it enables threat actors to evade detection by utilizing built-in functions of a system, rather than relying on malware.
- The potential impact of Volt Typhoon extends beyond traditional cybersecurity concerns, reaching into the realm of politics, as the group's activities could disrupt critical infrastructure networks, particularly in a conflict over Taiwan.
- To navigate the evolving threats posed by groups like Volt Typhoon, finance, technology, and general-news sectors need to collaborate and adopt a proactive approach that emphasizes continuous training, vendor risk management, and secure-by-design principles. This coordinated effort could serve as a critical line of defense against state-sponsored cyber threats.