Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » All about Volt Typhoon, the Chinese hacking group, IT Security News, ET CISO

All about Volt Typhoon, the Chinese hacking group, IT Security News, ET CISO

All about Volt Typhoon, the Chinese hacking group, IT Security News, ET CISO

China is developing the “ability to physically wreak havoc” on US critical infrastructure and its hackers are waiting “for just the right moment to deal a devastating blow”, FBI Director Christopher Wray said on Thursday.

The comments were in relation to a Chinese government-linked hacking campaign dubbed Volt Typhoon. The campaign was disclosed by the US and its key allies in May 2023, when analysts at Microsoft found it had targeted everything from US telecommunication networks to transportation hubs.

On Thursday, Wray said Volt Typhoon had successfully gained access to American targets across the telecommunications, energy, water and other critical sectors.

Here is what is known about Volt Typhoon and its potential threat:

‘Future crises’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan.

Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

Taiwan botnet

Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets. This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because they limit the visibility of cyber defenders that monitor for foreign footprints in their computer networks.

In a report earlier this month, cybersecurity ratings firm SecurityScorecard said Cisco Systems devices were particularly vulnerable to Volt Typhoon’s activity. The firm said it had identified a “network of covert infrastructure operating in Europe, North America, and Asia Pacific that appears to be composed of compromised routers and other network edge devices”.

Stealthy storm

Nearly all cyber spies work to cover their tracks. The use of so-called botnets by both government and criminal hackers to launder their cyber operations is not new. The approach is often used when an attacker wants to quickly target numerous victims simultaneously or seeks to hide their origins.

China routinely denies hacking and has done so in the case of Volt Typhoon. But documentation of Beijing’s cyberespionage campaigns has been building for more than two decades. The spying has come into sharp focus over the past 10 years as Western researchers tied breaches to specific units within the People’s Liberation Army, and US law enforcement charged a string of Chinese officers with stealing American secrets.

Secureworks, an arm of Dell Technologies, said in a blog post last year that Volt Typhoon’s interest in operational security likely stemmed from embarrassment over the drumbeat of US indictments and “increased pressure from (Chinese) leadership to avoid public scrutiny of its cyberespionage activity.”

The Biden administration has increasingly focused on hacking, not only for fear nation states may try to disrupt the US election in November, but because ransomware wreaked havoc on Corporate America in 2023.

  • Published On Apr 20, 2024 at 10:36 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

  • Get Realtime updates
  • Save your favourite articles


Scan to download App

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket