Two major cyber headaches rocking US authorities over the weekend are the widespread and still unresolved Chinese campaign known as Volt Typhoon targeting military bases, and the other an insider breach affecting Air Force and FBI communications.
US authorities have confirmed that Volt Typhoon’s malware is much more endemic than what it is considered; responders have found it planted inside numerous networks controlling the communications, power, and water feeding US military bases at home and abroad.
Meanwhile, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a wholly separate cyber intrusion, a communications compromise affecting 17 Air Force facilities, and possibly the FBI as well, courtesy of an Air Force engineer.
The Chinese state-aligned APT behind Volt Typhoon came to attention after Microsoft observed Chinese cyber activity in Guam. Microsoft posted at the time “that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
That case, disclosed in May, has turned out to be just one small part of a much broader campaign, and the aim towards being in place to carry out destruction now seems increasingly likely as a motivation;
Also, on July 29, the Pentagon ordered a raid on a 48-year-old engineer from the Arnold Air Force base in Tullahoma, Tenn.
According to the relevant search warrant, the engineer had taken $90,000 worth of radio equipment home, gaining unauthorized access to radio communications technologies employed by Air Education and Training Command, a wing of the Air Force responsible for recruitment and training.
In the raid, investigators found an open computer running a Motorola radio programming software “which contained the entire Arnold Air Force Base communications system,” the warrant stated, plus evidence of access to privileged communications from the FBI and other Tennessee state agencies.
Though stringent zero trust is in practice as the FBI and Air Force still face the same insider threats and the same supply chain risks, as any other organization.