Chinese Hackers Operated Undetected In Critical US Networks

Over 100 websites disguised as local news outlets in Europe, Asia and Latin America are promoting pro-China propaganda in a widespread influence campaign linked to a Chinese public relations firm, according to Citizen Lab, the University of Toronto cyber research institute.

The propaganda material is spread across websites in 30 countries and interspersed with news content aggregated from local news outlets and Chinese state media, according to a recent research report by Citizen Lab's Alberto Fittarelli.

The US government has also said recently that the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded in some US critical infrastructure networks for at least five years. Targets include the communications, energy, transportation, and water and wastewater systems sectors in the US, with the goal of unleashing chaos if China were ever to confront the US during a major crisis or conflict. "Volt Typhoon's choice of targets and pattern of behaviour is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the US government has said.

The objective is to pre-position on IT networks, maintaining persistence and building an understanding of the target environment over time, so that disruptive or destructive cyber attacks can be launched against US critical infrastructure in the event of a major crisis or conflict.

The joint advisory, released by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), was also backed by the other members of the Five Eyes (FVEY) intelligence alliance: Australia, Canada, New Zealand and the UK.

Volt Typhoon, also tracked as Bronze Silhouette, Insidious Taurus, UNC3236, Vanguard Panda and Voltzite, is a stealthy China-based group believed to have been active since June 2021.

The group first came to wide attention in May 2023, when FVEY agencies and Microsoft reported that it had established a persistent foothold in critical infrastructure organisations in the US and Guam and held it for extended periods without being detected, principally by leveraging living-off-the-land techniques. "This kind of tradecraft, known as 'living off the land,' allows attackers to operate discreetly, with malicious activity blending in with legitimate system and network behaviour making it difficult to differentiate, even by organisations with more mature security postures," the UK National Cyber Security Centre (NCSC) said.

The ultimate goal of the campaign is to retain access to the compromised environments, "methodically" re-targeting them over years to validate and expand unauthorised access. This meticulous approach, per the agencies, is evidenced by cases in which the actors have repeatedly exfiltrated domain credentials to ensure they hold current, valid accounts. "In addition to leveraging stolen account credentials, the actors use LOTL (Living Off The Land) techniques and avoid leaving malware artifacts on systems that would cause alerts," CISA, FBI, and NSA said.

"Their strong focus on stealth and operational security allows them to maintain long-term, undiscovered persistence. Further, Volt Typhoon's operational security is enhanced by targeted log deletion to conceal their actions within the compromised environment," according to the joint statement.
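As an added example, not code from the article or from the agencies' advisory: the script below shows how a defender might hunt for the pattern the agencies describe, a built-in Windows tool used to reach credentials, followed by log clearing on the same host. It runs over constructed, simplified event-log records embedded in the script. The event IDs it keys on are documented Windows values (4688 process creation, 1102 Security audit log cleared, 104 event log cleared); the watchlist of tools, the hosts, users and command lines are illustrative assumptions, not indicators taken from the advisory.

```python
"""Hunt for living-off-the-land credential access followed by log clearing.

Added illustrative example; not code from the article or the joint advisory.
Records are constructed Windows event-log entries in a simplified JSON-lines
shape. Event IDs are documented Windows values (4688 process creation,
1102 Security audit log cleared, 104 event log cleared); the tool watchlist
is a hypothetical example of built-in binaries abused for credential theft.
"""
import json
from datetime import datetime, timedelta

PROCESS_CREATE = 4688
LOG_CLEARED_EVENTS = {1102: "Security audit log cleared", 104: "Event log cleared"}

# Hypothetical watchlist: (image basename, substrings that must ALL appear in the
# lower-cased command line). Requiring every substring keeps routine use such as
# "vssadmin list shadows" from firing.
CREDENTIAL_ACCESS_RULES = [
    ("ntdsutil.exe", ("ntds",)),             # dumping the AD database (NTDS.dit)
    ("vssadmin.exe", ("create", "shadow")),  # shadow copy to read locked NTDS.dit/SAM
    ("reg.exe", ("save", "hklm\\sam")),      # exporting the SAM hive for offline cracking
]

# Constructed sample log (not real telemetry): a clean web server, a domain
# controller showing the full pattern, and a file server with credential access only.
SAMPLE_LOG = r"""
{"ts": "2024-02-01T01:00:00Z", "host": "dc01", "event_id": 1102, "user": "CORP\\it-admin"}
{"ts": "2024-02-01T02:10:05Z", "host": "srv-web01", "event_id": 4688, "user": "CORP\\svc-backup", "image": "vssadmin.exe", "cmdline": "vssadmin list shadows"}
{"ts": "2024-02-01T02:12:00Z", "host": "dc01", "event_id": 4688, "user": "CORP\\backup-admin", "image": "vssadmin.exe", "cmdline": "vssadmin create shadow /for=C:"}
{"ts": "2024-02-01T02:14:31Z", "host": "dc01", "event_id": 4688, "user": "CORP\\backup-admin", "image": "ntdsutil.exe", "cmdline": "ntdsutil \"ac i ntds\" \"ifm\" \"create full C:\\Temp\\ad\" q q"}
{"ts": "2024-02-01T02:20:44Z", "host": "dc01", "event_id": 4688, "user": "CORP\\backup-admin", "image": "cmd.exe", "cmdline": "cmd /c whoami"}
{"ts": "2024-02-01T02:40:10Z", "host": "dc01", "event_id": 1102, "user": "CORP\\backup-admin"}
{"ts": "2024-02-01T03:05:12Z", "host": "fs02", "event_id": 4688, "user": "CORP\\backup-admin", "image": "reg.exe", "cmdline": "reg save HKLM\\SAM C:\\Temp\\sam.hiv"}
{"ts": "2024-02-01T09:00:00Z", "host": "srv-web01", "event_id": 104, "user": "CORP\\it-admin"}
"""


def parse_log(text):
    """Parse JSON-lines records and convert the timestamp field to datetime."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def is_credential_access(rec):
    """True for a process-creation event whose image and command line match a rule."""
    if rec["event_id"] != PROCESS_CREATE:
        return False
    image = rec.get("image", "").lower()   # sample records carry the basename only
    cmd = rec.get("cmdline", "").lower()
    return any(image == binary and all(k in cmd for k in keys)
               for binary, keys in CREDENTIAL_ACCESS_RULES)


def is_log_clearing(rec):
    return rec["event_id"] in LOG_CLEARED_EVENTS


def find_sequences(records, window=timedelta(hours=24)):
    """Return (host, credential_rec, clearing_rec) triples where a log-clearing
    event follows credential access on the same host within `window`.
    Order matters: a clearing event before the credential access is not paired."""
    by_host = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_host.setdefault(rec["host"], []).append(rec)
    hits = []
    for host, recs in by_host.items():
        creds = [r for r in recs if is_credential_access(r)]
        clears = [r for r in recs if is_log_clearing(r)]
        for c in creds:
            for w in clears:
                if c["ts"] <= w["ts"] <= c["ts"] + window:
                    hits.append((host, c, w))
    return hits


def hunt(text, window=timedelta(hours=24)):
    """Run every detection over a JSON-lines log and bucket the findings."""
    records = parse_log(text)
    return {
        "credential_access": [r for r in records if is_credential_access(r)],
        "log_cleared": [r for r in records if is_log_clearing(r)],
        "sequences": find_sequences(records, window),
    }


if __name__ == "__main__":
    result = hunt(SAMPLE_LOG)
    for host, cred, clear in result["sequences"]:
        print(f"[HIGH]   {host}: {cred['image']} at {cred['ts']:%H:%M:%S}, "
              f"then event {clear['event_id']} at {clear['ts']:%H:%M:%S}")
    for rec in result["credential_access"]:
        print(f"[MEDIUM] {rec['host']}: {rec['cmdline']}")
```

On the sample data the domain controller yields two high-severity sequences (shadow copy creation and an ntdsutil dump, each followed by a Security log clear), the file server yields a standalone SAM export, and the earlier log clear on the domain controller is not paired because it precedes the credential access. In practice the tool list would be tuned to the environment and the same logic run against a SIEM rather than a file, but the point stands: because living-off-the-land activity produces no malware artefact, the detection has to rest on the sequence of ordinary events rather than on any single one.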

In response to enquiries, a spokesman for China's embassy in Washington said: "it is a typical bias and double standard to allege that the pro-China contents and reports are 'disinformation'."

Sources: Citizen Lab | CISA | CISA | NCSC | CrowdStrike | Reuters | Hacker News | ABC | PCMag

Image: Curtis Polvin
