In a concerning revelation, SecurityScorecard researchers have uncovered that the Chinese hacking group Volt Typhoon, notorious for targeting critical infrastructure in the United States, extends its reach further than expected. The group’s network of compromised devices has been observed communicating with government websites not only in the U.S. but also in the U.K., Australia, and India. Its infrastructure includes unpatched routers from Cisco Systems, even though a patch for these devices was issued five years ago. The outdated models, Cisco RV320 and RV350, pose a significant risk because no new updates are available for them.
Growing Concerns and International Meetings
The alarming expansion of China’s cyber threat comes amid a meeting between President Joe Biden and Chinese President Xi Jinping in California on Nov. 15. Despite discussions covering various issues, cybersecurity threats, especially related to critical infrastructure, were notably absent from official statements. However, analysts point to a shifting landscape in cyberspace, with China increasingly focusing on such strategic targets.
China Identified as Top Cyber Threat
U.S. officials, including CISA Executive Director Brandon Wales, highlight China as the number one geostrategic challenge for the United States in the cyber realm. Recent reports from the Department of Defense underscore the severity of the situation, revealing that Chinese hackers are actively stealing sensitive information from critical defense infrastructure. The motives behind these attacks include economic and military advantages, emphasizing the evolving and serious nature of the Chinese cyber threat.
China’s New Ambitions in Cyberspace
China’s cyber threat is evolving beyond economic espionage and intelligence gathering. Recent comments by Wales shed light on China’s focus on executing intrusions directly into critical infrastructure, with a specific intent to develop capabilities for future disruptive or destructive operations. The scale of the Chinese cyber threat is unprecedented, with FBI Director Christopher Wray noting that China’s hacking program surpasses that of every other major nation combined.
Global Impact and Warnings
The impact of China’s cyber activities extends globally, with joint warnings from Five Eyes countries about Chinese state-sponsored hackers targeting critical infrastructure sectors. The Volt Typhoon group, for instance, engaged in a multi-year campaign aimed at various sectors, including communications, manufacturing, and government.
Economic Espionage and Traditional Targets
Despite the focus on critical infrastructure, China continues its traditional espionage goals. U.S. intelligence identifies China as the most active cyber espionage threat, targeting defense networks, critical infrastructure, and even individuals living beyond its borders. Recent incidents, such as the hacking of Commerce Secretary Gina Raimondo’s email account, underscore China’s persistent efforts to steal intellectual property and access sensitive networks.
Artificial Intelligence and Disinformation
In addition to cyber operations, China has developed sophisticated tools for spreading disinformation on social media. The use of artificial intelligence to create realistic images for influence operations is a growing concern, as highlighted in a report by Microsoft. The Defense Department warns of China’s focus on information operations, incorporating them into military exercises to achieve information superiority.
Urgent Need for Cybersecurity Measures
As China’s cyber threat continues to grow and diversify, urgent measures are required to address the multifaceted challenges posed by disinformation, economic espionage, and critical infrastructure attacks. The recent data breaches at American companies further emphasize the need for a healthy skepticism among employees and robust defense strategies to protect sensitive information.
Employee Phishing and Data Breaches: Ongoing Cybersecurity Challenges
Cybersecurity researchers at Cofense have uncovered a concerning trend in which threat actors exploit employees’ routine responsibilities, such as company surveys and benefit program enrollments, to steal their credentials. Phishing emails, appearing to come from management or HR, lure employees into opening attachments or scanning QR codes, posing a serious threat to organizational security.
Data Breaches Across Industries
Recent data breaches continue to impact various industries. Fidelity National Finance reveals that data on approximately 1.3 million customers may have been copied in a recent attack. Raptor Technologies, a Texas-based company specializing in school security solutions, exposes sensitive student data through a non-password-protected database left open on the internet.
Widespread Impact and Cyber Resilience
NASCO, an American company administering benefits for health plans, announces a doubling of victims from a hack last year, affecting almost 1.7 million people. The World Economic Forum’s cybersecurity forecasts highlight misinformation and disinformation as the top risks for organizations in the next two years. The number of organizations maintaining minimum viable cyber resilience has dropped, indicating an urgent need for strengthened cybersecurity measures.
Vendor Security Updates
Leading cybersecurity companies Palo Alto Networks and Fortinet publish important security advisories. Palo Alto Networks provides insights into the Medusa ransomware gang, offering indicators of compromise for defenders. Fortinet patches a vulnerability in its FortiOS and FortiProxy software, closing off potential exploitation by cyber threat actors. Cisco Systems also issues a critical security update to patch a vulnerability in the web-based management interface of its Unity Connection platform, mitigating the risk of unauthorized access and damage.
In a rapidly evolving cyber landscape, vigilance, collaboration, and continuous security updates are essential to thwart the growing threats posed by cyber adversaries.
Thanks & Regards, Ashwini Kamble