
Officials and security researchers from the US are warning that the Chinese military is allegedly attempting to infiltrate critical infrastructure, including power and water utilities and transportation systems in the U.S.
Threat actors affiliated with China’s People’s Liberation Army have infiltrated the computer systems of about two dozen critical entities over the past year.
The report claims that victims allegedly targeted by Chinese hackers include a water utility in Hawaii, a major West Coast port, and at least one oil and gas pipeline. The hackers are also said to have attempted to hack the operator of the Texas power grid. The alleged victims are from both inside and outside of the US.
The critical ICS infrastructure was not affected. However, targeting a utility in Hawaii is notable because it’s the home of the U.S. Pacific Fleet. Taking out a utility in the event of war could disrupt efforts to deploy troops and equipment.
Earlier this year, Volt Typhoon wreaked havoc within US critical infrastructure. The latest alleged intrusions appear to be an upgraded continuation of that activity.
Microsoft researchers warned in May that Volt Typhoon, which has been active since mid-2021, was suspected of preparing to disrupt U.S.-Asia communication networks in potential crises. The group targets communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education sectors.
Volt Typhoon campaigns emphasize stealth, using advanced techniques such as living-off-the-land binaries (LOLBins) and hands-on-keyboard activity. The group’s tactics include gathering credentials, staging data for exfiltration, and maintaining persistence in compromised systems using valid credentials.

