Microsoft Catches Chinese .Gov Hackers in Guam Critical Infrastructure Orgs
According to a recent statement released by Microsoft, the company has caught Chinese government hackers siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean. These cyberespionage activities by the Chinese government-sponsored group raise concerns because the group could have the capability to disrupt critical communications infrastructure between the United States and the Asian region during future crises. Microsoft has labelled the activity “Volt Typhoon” and describes the campaign as “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery”.
Insights into the Chinese cyberespionage campaign
The Chinese government-sponsored hacking group has relied primarily on “living-off-the-land” commands to find information on the system, discover additional devices on the network, and exfiltrate data. The group primarily breaks into target companies through internet-facing Fortinet FortiGuard devices and latches onto compromised small office/home office (SOHO) routers to obfuscate the source of their activity. This is a cause of concern as this hacking group has targeted a wide variety of organizations spanning communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
According to Microsoft, “The threat actor intends to perform espionage and maintain access without being detected for as long as possible”. As these cyber espionage activities continue without detection, it poses a significant threat to countries, organizations, and individuals in the long run.
Tips for Network Edge Device Owners
Microsoft has confirmed that many of the affected devices allow the owner to expose HTTP or SSH management interfaces to the internet. Owners of network edge devices should ensure that management interfaces are not reachable from the public internet in order to reduce their attack surface. By proxying traffic through compromised SOHO routers, Volt Typhoon enhances the stealth of its operations and lowers the cost of acquiring infrastructure.
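As an added example, not from Microsoft's report or this article: a small Python audit that checks an organization's own inventory of edge devices for management ports that answer from the public side, which is the exposure the tip above tells owners to remove. The device names and the 192.0.2.x addresses are constructed placeholders; run it from a vantage point outside your network against devices you own.

```python
import socket
from typing import Callable, Dict, List, Tuple

# Ports commonly used for HTTP/HTTPS/SSH device administration.
MANAGEMENT_PORTS = {22: "ssh", 80: "http", 443: "https", 8443: "https-alt"}

# A probe answers "does host:port accept a TCP connection?"; injectable for testing.
Probe = Callable[[str, int], bool]


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(inventory: Dict[str, str],
                   probe: Probe = tcp_probe) -> List[Tuple[str, str, int, str]]:
    """inventory maps device name -> its public (WAN) address.

    Returns one (name, address, port, service) finding for every management
    port that answers from the public side. An empty list means no management
    interface of the inventoried devices is reachable from where this runs.
    """
    findings: List[Tuple[str, str, int, str]] = []
    for name, addr in inventory.items():
        for port, service in MANAGEMENT_PORTS.items():
            if probe(addr, port):
                findings.append((name, addr, port, service))
    return findings


# Constructed inventory: placeholder names and documentation-range addresses.
EXAMPLE_INVENTORY = {
    "branch-fw-01": "192.0.2.10",
    "branch-fw-02": "192.0.2.11",
}

if __name__ == "__main__":
    for name, addr, port, service in audit_exposure(EXAMPLE_INVENTORY):
        print(f"EXPOSED: {name} ({addr}) answers on {port}/{service} from the public side")
```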
Editorial
The recent report by Microsoft highlighting Chinese government-sponsored cyber espionage activities is a cause of concern for governments worldwide. Such activities, if left unchecked, could result in the disruption of critical communication infrastructure between countries, leading to chaos and economic instability. Governments around the world need to work collaboratively to avoid such attacks.
Further, organizations need to ensure that their cybersecurity practices are proactive rather than reactive. This requires investing in the right resources, training employees on identifying cyber threats, and implementing IT infrastructure that can withstand cyber-attacks. These proactive efforts will ensure that organizations are better prepared to handle cyber-attacks that may come their way.
Philosophical Discussion
The use of cyber-attacks by nation-states on critical infrastructure has been an increasing cause for concern. The Volt Typhoon campaign is just another example of the potential dangers of such cyber activities. As we become more reliant on IT infrastructure and connected devices, nation-states can cause significant cyber damage to their target country’s infrastructure without even firing a single missile. This raises the question of how countries will react to such attacks in the future. Does the use of traditional military force, such as bombs and missiles, remain the only option left? Or can countries find ways to hold attackers accountable for their cyber activities and implement defensive measures that deter future attacks? Cybersecurity is an issue that requires international cooperation to produce an effective solution that moves beyond national interests and concerns.
Advice
In the wake of such cyber-attacks, organizations must take the necessary steps to protect their infrastructure from potential threats. Companies must strengthen their cybersecurity practices by adopting strategies and defense mechanisms to tackle the ever-evolving types of cyberattacks. These include adopting the best cybersecurity practices, using multi-factor authentication, using advanced threat protection software, continually monitoring the network for suspicious activity, and conducting regular security assessments. Further, organizations must provide training to educate their employees about cybersecurity awareness and etiquette. Finally, governments worldwide must work collaboratively to counter cyber espionage activities and hold perpetrators accountable.