Microsoft and the National Security Agency (NSA) have confirmed the activities of the Chinese hacking group Volt Typhoon, believed to have connections to the Chinese government. The group has been involved in installing surveillance malware on critical systems in Guam and other locations in the United States. The operation, which began in mid-2021, has targeted government agencies, as well as sectors such as telecommunications, manufacturing, and education.
Investigators have noted that Volt Typhoon employs stealth techniques as a priority. They utilize “living off the land” methods, leveraging existing resources within the operating system and conducting direct “hands-on-keyboard” actions. By using the command line to scrape credentials and other sensitive data, the group archives the information and employs it to maintain persistence on the victim’s system. They also attempt to conceal their activities by routing data traffic through network hardware in small offices and home offices under their control, including routers. The group uses proxies and other means to establish command-and-control channels, further obfuscating their operations.
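Because the activity described above relies on built-in operating-system tools rather than custom malware, the detection opportunity is in process-creation telemetry: which command lines ran, and in what order on the same host. The following Python is an added illustration, not code from the article, Microsoft, or the NSA. It matches simplified process-creation records against a handful of living-off-the-land patterns (the specific tool names and command shapes are this example's assumptions about what "command-line credential scraping", "archiving", and "proxying" can look like, not details taken from the article) and then flags hosts where credential access was followed by archiving, so that routine backup archiving on its own does not raise an alert. The log lines are constructed, the `host|user|parent|command_line` format is an assumption, and rule names and weights are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records (simplified from the fields of a
# Windows Security event 4688): "host|user|parent_process|command_line".
# These lines are made up for this example.
SAMPLE_LOG = """\
host01|CORP\\svc_backup|cmd.exe|ntdsutil.exe "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\pro" q q
host01|CORP\\svc_backup|cmd.exe|"C:\\Program Files\\7-Zip\\7z.exe" a C:\\Windows\\Temp\\pro.7z C:\\Windows\\Temp\\pro
host02|CORP\\jdoe|explorer.exe|notepad.exe C:\\Users\\jdoe\\notes.txt
host03|NT AUTHORITY\\SYSTEM|cmd.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=8443
host03|CORP\\admin|cmd.exe|wmic process call create "cmd /c whoami"
host04|CORP\\ops|cmd.exe|7z.exe a D:\\backups\\weekly.7z D:\\data
"""

# (rule_id, stage, compiled regex applied to the command line, description).
# The rules are illustrative assumptions for this example, not an official list.
RULES = [
    ("ntds_ifm", "credential_access",
     re.compile(r"ntdsutil(\.exe)?\b.*\bifm\b", re.I),
     "ntdsutil IFM export of the directory database with a built-in tool"),
    ("archive", "collection",
     re.compile(r"(7z|rar|winrar)(\.exe)?\"?\s+a\s", re.I),
     "files archived with a common compression utility"),
    ("portproxy", "command_and_control",
     re.compile(r"netsh\b.*\bportproxy\b.*\badd\b", re.I),
     "netsh portproxy listener added (built-in port forwarding)"),
    ("wmic_create", "execution",
     re.compile(r"wmic\b.*\bprocess\s+call\s+create\b", re.I),
     "process launched through WMIC"),
]


def parse_line(line):
    """Split one 'host|user|parent|command_line' record into a dict."""
    host, user, parent, cmdline = line.rstrip("\n").split("|", 3)
    return {"host": host, "user": user, "parent": parent, "cmdline": cmdline}


def detect(log_text):
    """Return one finding per (record, matching rule), in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        for rule_id, stage, pattern, desc in RULES:
            if pattern.search(rec["cmdline"]):
                findings.append({**rec, "rule": rule_id, "stage": stage, "description": desc})
    return findings


def hosts_with_staging_chain(findings):
    """Hosts where credential access was followed by archiving: the 'scrape, then
    archive' pattern described in the article. Assumes findings are in
    chronological order (log order here). A host that only archives (host04,
    a plausible backup job) is deliberately not flagged."""
    seen = defaultdict(set)
    chained = []
    for f in findings:
        stages = seen[f["host"]]
        if f["stage"] == "collection" and "credential_access" in stages and f["host"] not in chained:
            chained.append(f["host"])
        stages.add(f["stage"])
    return chained


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for f in found:
        print(f"{f['host']:7} {f['stage']:18} {f['rule']:12} {f['description']}")
    print("hosts with credential-access-then-archive chain:", hosts_with_staging_chain(found))
```

On the constructed sample the individual rules fire five times across three hosts, but only host01 shows the credential-access-then-archive sequence; the portproxy and WMIC hits on host03 remain single-stage findings for an analyst to triage. The ordering assumption matters in practice: real telemetry should be sorted by timestamp before the chain check, and the stages should be correlated within a bounded time window rather than across the whole log.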
While there have been no reported attacks utilizing this particular malware, the web shell-based approach poses a significant threat to infrastructure. In response, Microsoft and the NSA have released information to aid potential victims in detecting and removing Volt Typhoon’s activity. They caution that closing or modifying affected accounts may prove challenging.
According to a US government official cited by The New York Times, the incursion into Guam is part of a broader Chinese intelligence-gathering initiative that includes activities such as a spy balloon crossing a US nuclear facility earlier this year. Guam serves as a critical base for the United States in responding to potential Chinese incursions into Taiwan, and it is a vital hub for ships navigating the Pacific Ocean.
In light of these developments, the Biden administration is intensifying efforts to protect critical infrastructure and establish common security requirements. The United States has experienced multiple attacks on essential systems in recent years, including those targeting gas pipelines and meat producers. The discovery of intrusions such as Volt Typhoon's raises concerns about the potential risks to the US military during crucial moments.
Addressing these security threats requires a concerted effort to bolster defences and enhance cybersecurity measures across critical sectors. The collaboration between government entities, technology companies like Microsoft, and intelligence agencies such as the NSA is crucial in safeguarding national interests and maintaining the integrity of vital systems against sophisticated hacking groups backed by nation-states.