Then in July 2021 President Biden underscored the issue of cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.

Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.

The US regards critical infrastructure as off limits, ever since US President Joe Biden raised the issue with Vladimir Putin in a June 2021 face-to-face meeting, before the Ukraine invasion in February 2022.

Biden and Putin spent much of that face-to-face meeting talking about cybersecurity issues, with Biden warning Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacks a list of 16 ‘critical’ industries in America.

“But no matter what varied methods are used, none of this can change the fact that the United States is the empire of hacking,” she reportedly told a regular press briefing in Beijing.

Mao said the campaign was launched by the US for geopolitical reasons and that the report from Microsoft analysts showed that the US government was expanding its channels of disinformation beyond government agencies.

China response

But Beijing has hit back at the allegations and blamed the accusations on the current geopolitical tensions between the West and China.

Chinese foreign ministry spokesperson Mao Ning was quoted by Reuters as saying on Thursday the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries.

The Microsoft Exchange hack for example was identified in January 2021 and rapidly attributed to Chinese cyber spies by private sector groups.

Microsoft said that observed behaviour of Volt Typhoon suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the software giant warned.

Meanwhile Microsoft in its separate blog post noted that Volt Typhoon had been active since mid-2021 and had targeted critical infrastructure in Guam, a crucial US military outpost in the Pacific Ocean that would be key to responding to any conflict in the Asia-Pacific region.

This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.

The advisory stems from the US National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC).

According to the advisory, one of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives.

“Private sector partners have identified that this activity affects networks across US critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide,” the US intelligence agency added.

“The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said the NSA.

The allegations that the Chinese hacking group, codenamed “Volt Typhoon,” has operated since mid-2021 were made in a blog posting by Microsoft, as well as a security advisory from the US National Security Agency, alongside other Western intelligence agencies in the UK, Canada, Australia and New Zealand (the Five Eyes intelligence sharing group).

China has responded and said the allegations were a “collective disinformation campaign” from the Five Eyes countries.

The ‘Five Eyes’ intelligence agencies, as well as tech giant Microsoft, have warned that critical infrastructure in the US is being spied upon by state-sponsored Chinese hackers.