CISA, Allies Issue Guidance on China-Sponsored Volt Typhoon Hacker Group
The Cybersecurity and Infrastructure Security Agency, the National Security Agency, the FBI, and other domestic and international agencies have released a joint cybersecurity advisory on Volt Typhoon, a China-backed hacker group found to have attacked U.S. critical infrastructure.
Volt Typhoon has compromised entities in the communications, energy, transportation, and water and wastewater sectors, CISA said Wednesday.
According to the agency, data indicates that Chinese hackers are shifting from conducting espionage to positioning themselves to execute cyberattacks that could endanger American citizens and impede military readiness.
CISA and its partners also issued complementary guidance to support organizations in identifying the living-off-the-land techniques employed by Volt Typhoon and similar entities. Hackers using such an approach can avoid detection by conventional network defenses by blending in with normal system processes.
CISA said identifying cyber actors living off the land necessitates a comprehensive approach involving behavior analytics, anomaly detection and proactive hunting.
CISA Director Jen Easterly, a 2024 Wash100 winner, called on all critical infrastructure organizations to implement the measures detailed in the cybersecurity advisory and guidance.