How China’s Hacking of Navy Systems Threatens America’s Security


U.S. Fleet Cyber Command

Introduction:

China has been conducting aggressive cyber operations to steal sensitive data and disrupt critical communications infrastructure of the United States and its allies.

Recently, Chinese-backed hackers breached technology systems belonging to the U.S. Navy, targeting its assets on Guam, a strategic island in the Pacific.

This blog post will explain what we know about this hack, why it matters for America’s security and peace through strength, and what we can do to protect ourselves from such threats.

Americans for a Stronger Navy is a community-driven and membership-supported organization that advocates for policies and legislation that support the Navy’s ability to meet the challenges of a rapidly changing global security environment.

We believe that a strong and capable U.S. Navy is essential for protecting America’s interests and ensuring peace through strength. Join us today and help us promote a stronger navy for a safer world.

Summary:

The hack was carried out by a group called Volt Typhoon, which used legitimate credentials and small-office routers to gain access to the systems.

The hackers aimed to develop capabilities that could disrupt communications between the United States and Asia in a crisis. The Navy confirmed that it was impacted by the hack, but did not reveal the extent of the damage.

The United States and its allies issued a joint advisory on how to detect and prevent similar intrusions.

In this blog post, we will answer the following questions:

Who is behind the hack? A brief overview of the group’s history, motives, and techniques.

What was affected by the hack? A description of the infrastructure and sectors targeted by the hack, especially the Navy’s assets on Guam and their importance for regional security.

What’s being done to prevent or respond to the hack? A summary of the responses and actions taken by the United States and its allies, including Microsoft, the Five Eyes intelligence sharing organization, and the Cybersecurity and Infrastructure Security Agency.

Answers

Who is behind the hack? The hack was carried out by a group called Volt Typhoon, which is believed to be a state-sponsored actor based in China that typically focuses on espionage and information gathering.

The group has been active since at least 2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. Volt Typhoon uses legitimate credentials and small-office routers to gain access to the systems, disguising their origin and activity.

They also use custom versions of open-source tools to establish a command and control channel over a proxy. The Chinese government has denied any involvement in the hack, calling it a “collective disinformation campaign” by the United States and its allies.

What was affected by the hack? The hack targeted key infrastructure in the communications, electric and gas utilities, manufacturing, transportation, construction, maritime, government, information technology, and education sectors. The hackers aimed to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.

One of the main targets was the U.S. Navy’s infrastructure on Guam, a strategic island in the Pacific that hosts several military installations, including B-52 bombers and submarines. Guam is a vital part of the U.S. military’s strategy in the region, as it provides access to resources and markets, protects sea lanes of communication, and supports humanitarian aid in times of crisis.

What’s being done to prevent or respond to the hack?

  • Microsoft was the first to report on the hack and identify Volt Typhoon as the perpetrator.
  • Microsoft contacted all groups affected by the hack and provided guidance on how to detect and mitigate this malicious activity.
  • The cybersecurity agencies of the Five Eyes member nations (the United States, United Kingdom, Canada, Australia and New Zealand) issued a joint advisory on how to prevent or respond to similar intrusions.
  • One of the agencies involved in issuing the advisory was the Cybersecurity and Infrastructure Security Agency (CISA), which also published a statement highlighting China’s continued use of sophisticated means to target America’s critical infrastructure. CISA director Jen Easterly said in a statement:

“For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe. Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity.” – CISA director Jen Easterly

  • The advisory contains a hunting guide for the tactics, techniques, and procedures used by Volt Typhoon.
  • CISA urged network defenders to implement best practices such as patching vulnerabilities, enforcing strong passwords, monitoring network activity, and reporting incidents.

Key takeaways:

  • China is pursuing cyber warfare as a means of challenging America’s interests and influence in the Asia-Pacific region.
  • The hack exposed vulnerabilities in America’s communications systems and naval infrastructure, which could have serious consequences in a conflict scenario.
  • The United States needs to invest more in strengthening its cyber defenses and resilience, as well as enhancing its naval capabilities and readiness.

Conclusion:

The hack by Volt Typhoon is a wake-up call for America and its allies to take China’s cyber threats seriously.

A strong and capable U.S. Navy is essential for protecting America’s security and ensuring peace through strength. Americans for a Stronger Navy is a community-driven and membership-supported organization that advocates for policies and legislation that support the Navy’s ability to meet the challenges of a rapidly changing global security environment.

Join us today and help us promote a stronger navy for a safer world.

Sources:

1: https://strongernavy.org/
2: https://www.wionews.com/world/explained-everything-about-volt-typhoon-china-backed-hackers-targeting-critical-us-infrastructure-596263
3: https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
4: https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html
5: https://www.reuters.com/technology/what-is-volt-typhoon-alleged-china-backed-hacking-group-2023-05-25/