Five Eyes tell critical infra orgs: take these actions now to protect against China's Volt Typhoon
2024-03-20 10:15

The Feds and friends yesterday issued yet another warning about China's Volt Typhoon gang, this time urging critical infrastructure owners and operators to protect their facilities against destructive cyber attacks that may be brewing.

The Tuesday alert - issued by the US Cybersecurity and Infrastructure Security Agency, the National Security Agency, FBI and eight other US and international partners - comes a little more than a month after the same groups from the same Five Eyes nations sounded the alarm on Volt Typhoon compromising "multiple" critical infrastructure orgs' IT networks in America.

The previous advisory, published on February 7, also warned that the Beijing-backed crew was readying "disruptive or destructive cyber attacks" against these same targets.

The alert also encourages cyber security best practices - such as turning on logging for all applications and systems, and storing these logs in a central system.

This can help security teams detect "living off the land" techniques, which involve using legitimate admin tools and software, rather than installing custom malware, to blend in and avoid being detected by security tools.

Pretty much every Volt Typhoon warning we've seen, from both government agencies and private-sector threat hunters, has observed that this China state-backed cybercrime gang is especially adept at living off the land.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/20/five_eyes_volt_typhoon/