A recent report from Microsoft and the National Security Agency (NSA) reveals a targeted cyberattack by a Chinese hacking group on critical infrastructure organizations in the United States. The attack was carried out by a state-sponsored group known for espionage and information gathering.
Who is this hacker group going after?
The hacker group, known as Volt Typhoon, is believed to be behind a mysterious computer code that was discovered in telecommunications systems across the United States, including Guam. The presence of this code is concerning due to Guam’s strategic importance in potential military responses to a Taiwan invasion or blockade, given its Pacific ports and significant American air base. The code, referred to as a “web shell,” is a malicious script that grants unauthorized remote access to a server.
Other organizations believed to be affected span various sectors, including information technology, education, communications, maritime, government, manufacturing, utilities, transportation, and construction. The hacking group’s behavior suggests a focus on long-term access and espionage, with an aim to remain undetected within target networks.
Volt Typhoon’s stealthy tactics
Volt Typhoon achieves initial access to their targeted organizations through Fortinet FortiGuard devices. These devices are designed to help protect organizations from cyber threats. However, in this case, the hackers find weaknesses or loopholes in the FortiGuard devices that allow them to break in.
They try to mask their activity by sending data traffic through small business and home office network hardware they control, such as firewalls, routers, and VPN hardware. They also rely on resources already within their operating systems. Once they have gained this initial access, the hackers can then proceed to carry out further malicious activities within the targeted organizations.
What damage could this all cause?
Volt Typhoon could use their tactics to damage infrastructure plans for the U.S., or it could be part of a larger plan that China is brewing that is connected to the spy balloon that floated across American nuclear sites in late January and early February of this year.
The biggest security concern is for Andersen Air Force Base in Guam. If that gets attacked, it could reveal some much-needed answers to China for a desired attack on Taiwan. Plus, it is a major hub for many of our country’s ships stationed in the Pacific Ocean. Because of these threats, the Biden administration says it will be stepping in to help protect its infrastructure with new security requirement plans.
Following Microsoft’s report, China has vehemently denied the allegations.
What steps can I take at home?
It is worth mentioning that Microsoft did make a statement about how people can protect themselves by saying,
“Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments.”
Although this is likely to help prevent attacks on a much larger scale than individuals’ devices, it is a good reminder to take the proper precautionary steps for yourself to protect your data and privacy.
Enable two-factor authentication (2FA)
Whenever possible, enable two-factor authentication for your accounts and devices. This adds an extra layer of security by requiring a secondary verification method, such as a unique code sent to your mobile device in addition to your password.
Keep your software up to date
Regularly update your operating system, web browsers, and other software on your device. These updates often include security patches that address vulnerabilities and protect against known threats.
Watch out for phishing emails and texts
If you get an email or a text message asking you to click a link either to view or verify your information, don’t fall for it. Hackers use this technique all the time to try to fool people. They’ll even pretend to be a real high-ranking official from the IRS or some other government organization to try to scare you into falling for their schemes.
Use strong and unique passwords
Have good antivirus software on all your devices
Get more details about my best expert-reviewed Antivirus protection software of 2023 here
Use a VPN
Get more details about my best expert-reviewed VPNs of 2023 here
Kurt’s key takeaways
This latest news about the Chinese hacking group called Volt Typhoon is troubling. They are targeting critical infrastructure organizations in the U.S. with stealthy tactics to conduct espionage activities. There are concerns about potential damage to infrastructure plans and national security. The Biden administration plans to implement new security requirements to protect U.S. infrastructure. This is a good reminder to do what you can to protect your data and privacy. I recommend you install antivirus software, use a password manager, and consider using a VPN to protect against potential cyber threats.
How concerned are you for the safety of our infrastructure now that you know about Volt Typhoon and its malicious plans?