A recent collaborative effort led by the United States Cybersecurity and Infrastructure Security Agency (CISA) has unveiled concerning details about the activities of Volt Typhoon, a formidable threat actor targeting critical infrastructure. Produced jointly with international partners from the United Kingdom, Australia, and New Zealand, CISA’s report sheds light on the insidious tactics Volt Typhoon employs post-infiltration.
The partnership comprised agencies such as the Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the United Kingdom National Cyber Security Centre (NCSC-UK), and the New Zealand National Cyber Security Centre (NCSC-NZ), highlighting a unified global effort to combat cyber threats.
While Volt Typhoon’s primary focus appears to be on American targets, the report serves as a wake-up call to the vulnerability of critical infrastructure worldwide. Specifically, the Australian and New Zealand critical infrastructure sectors are deemed susceptible to similar state-sponsored activities originating from the People’s Republic of China (PRC), according to assessments by ASD’s ACSC and NCSC-NZ.
Mandiant’s Chief Analyst, John Hultquist, elucidates the significance of the report’s findings, emphasising Volt Typhoon’s inclination towards disruptive attacks. Hultquist draws parallels between the actor’s targeting of critical sectors such as water, power, and transportation and similar destabilising activities witnessed in conflict zones like Ukraine.
Of particular concern are Volt Typhoon’s infiltration and reconnaissance efforts targeting operational technology (OT) systems within critical infrastructure networks. These systems, integral to the physical processes underpinning infrastructure operations, are being systematically probed and breached by Volt Typhoon. The implications are severe, as manipulation of OT systems could lead to widespread service disruptions or even pose grave safety risks.
Hultquist underscores the urgency of the situation, asserting that evidence of Volt Typhoon’s incursions into OT systems dispels any doubts about the severity of the threat posed by the actor. Such revelations highlight the critical need for enhanced cybersecurity measures and international collaboration to mitigate the risks posed to essential services and public safety.
The implications of the Volt Typhoon report extend beyond national borders. They serve as a stark reminder of the interconnected nature of cybersecurity threats and the imperative of collective action in confronting them. Governments, businesses, and cybersecurity professionals must unite in a concerted effort to fortify critical infrastructure against the ever-evolving tactics of malicious actors like Volt Typhoon.
In the face of escalating cyber threats, complacency is not an option. The Volt Typhoon report underscores the necessity for proactive measures, information sharing, and sustained vigilance to safeguard critical infrastructure and uphold the security and resilience of societies worldwide.