FBI and DOJ Disrupt Chinese Hacking Operation

Cyberespionage Hacking Group Volt Typhoon Targeting US Critical Infrastructure
The Hsieh-ho Power Plant in Keelung City is part of Taiwan's critical infrastructure and a potential target for Chinese nation-state hackers. (image: Shutterstock)

The U.S. government dismantled the infrastructure of Chinese state-sponsored hacking group Volt Typhoon in a public counteraction after the group targeted U.S. critical infrastructure.

An unnamed source told Reuters that the Department of Justice and the FBI sought and received a court order to remotely disable a Volt Typhoon hacking campaign that was first identified by Microsoft in March 2023.

Law enforcement remotely incapacitated certain elements of the hacking campaign in response to fears the group might be able to "remotely disrupt crucial facilities in the Indo-Pacific region, which, in some capacity, are involved in supporting or servicing U.S. military operations," Reuters reported.

According to CNN, the court order allowed the Justice Department to update susceptible software on numerous U.S. devices that had been at risk of Chinese hacking.

The Cybersecurity and Infrastructure Security Agency published an advisory in mid-2023 highlighting a cluster of noteworthy activities by Volt Typhoon and noting its tactics and targets had evolved.

Volt Typhoon last month compromised outdated Cisco routers to target government entities in the United States, the United Kingdom and Australia.

Cyberespionage hackers from Beijing used vulnerabilities that had been initially disclosed in early 2019 to build a botnet comprising Cisco small office and home office routers, as reported by SecurityScorecard in January.

The cybersecurity firm said that over a 37-day period, it observed Volt Typhoon, also referred to as Bronze Silhouette, successfully compromise nearly one-third of the susceptible Cisco routers.

Reuters reported that the recent activity by the hacking group had alarmed intelligence officials, who said "it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities."

"The actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down," John Hultquist, chief analyst at Mandiant Intelligence, Google Cloud, told Information Security Media Group.

In December, Black Lotus Labs spotted Volt Typhoon activity. It said hackers had used Netgear ProSafe firewalls from July 2022 through February 2023 to act as relay nodes for networks compromised by the Chinese state hackers.

About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.