China hacking group caught spying on U.S. organizations

A recent report from Microsoft and the National Security Agency (NSA) reveals a targeted cyberattack by a Chinese hacking group on critical infrastructure organizations in the United States. The attack was carried out by a state-sponsored group known for espionage and information gathering.

Who is this hacker group going after?

The hacker group, known as Volt Typhoon, is believed to be behind a mysterious computer code that was discovered in telecommunications systems across the United States, including Guam. The presence of this code is concerning due to Guam’s strategic importance in potential military responses to a Taiwan invasion or blockade, given its Pacific ports and significant American air base. The code, referred to as a “web shell,” is a malicious script that grants unauthorized remote access to a server.

Other organizations believed to be affected span various sectors, including information technology, education, communications, maritime, government, manufacturing, utilities, transportation, and construction. The hacking group’s behavior suggests a focus on long-term access and espionage, with an aim to remain undetected within target networks.

Volt Typhoon’s stealthy tactics

Volt Typhoon achieves initial access to their targeted organizations through Fortinet FortiGuard devices. These devices are designed to help protect organizations from cyber threats. However, in this case, the hackers find weaknesses or loopholes in the FortiGuard devices that allow them to break in.

They try to mask their activity by routing data traffic through small business and home office network hardware they control, such as firewalls, routers, and VPN hardware. They also rely on tools and resources already built into the operating systems of the networks they break into. Once they have gained this initial access, the hackers can then proceed to carry out further malicious activities within the targeted organizations.


What damage could this all cause?

Volt Typhoon could use their tactics to damage infrastructure plans for the U.S., or it could be part of a larger plan that China is brewing that is connected to the spy balloon that floated across American nuclear sites in late January and early February of this year.

The biggest security concern is for Andersen Air Force Base in Guam. If that gets attacked, it could reveal some much-needed answers to China for a desired attack on Taiwan. Plus, it is a major hub for many of our country’s ships stationed in the Pacific Ocean. Because of these threats, the Biden administration says it will be stepping in to help protect its infrastructure with new security requirement plans.

Following Microsoft’s report, China has vehemently denied the allegations.


What steps can I take at home?

It is worth mentioning that Microsoft did make a statement about how people can protect themselves by saying,

“Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments.”

Although this is likely to help prevent attacks on a much larger scale than individuals’ devices, it is a good reminder to take the proper precautionary steps for yourself to protect your data and privacy.

Enable two-factor authentication (2FA)

Whenever possible, enable two-factor authentication for your accounts and devices. This adds an extra layer of security by requiring a secondary verification method, such as a unique code sent to your mobile device in addition to your password.

Keep your software up to date

Regularly update your operating system, web browsers, and other software on your device. These updates often include security patches that address vulnerabilities and protect against known threats.

Watch out for phishing emails and texts

If you get an email or a text message asking you to click a link either to view or verify your information, don’t fall for it. Hackers use this technique all the time to try to fool people. They’ll even pretend to be a real high-ranking official from the IRS or some other government organization to try to scare you into falling for their schemes.

Use strong and unique passwords

Create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. First, it will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it keeps track of all your passwords in one place and fills them in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.


Have good antivirus software on all your devices

Having antivirus software running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that will release malware into your device and potentially have your private information stolen. The software will also remove any existing malware from your devices. 


Use a VPN

Consider using a VPN to protect against being tracked and against the websites you visit identifying your potential location. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location.


Kurt’s key takeaways

This latest news about the Chinese hacking group called Volt Typhoon is troubling. They are targeting critical infrastructure organizations in the U.S. with stealthy tactics to conduct espionage activities. There are concerns about potential damage to infrastructure plans and national security. The Biden administration plans to implement new security requirements to protect U.S. infrastructure. This is a good reminder to do what you can to protect your data and privacy. I recommend you install antivirus software, use a password manager, and consider using a VPN to protect against potential cyber threats.

How concerned are you for the safety of our infrastructure now that you know about Volt Typhoon and its malicious plans?  Let us know by commenting below.
