Feb 08, 2024 12:30:00

It turns out that the Chinese government-affiliated hacker group ``Bolt Typhoon'' has been hiding in America's major infrastructure for more than five years, raising tensions over the invasion of Taiwan.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (CISA), and Federal Bureau of Investigation (FBI) have jointly announced that the Chinese government-backed hacker group

Bolt Typhoon has been hacking for at least five years. The investigation concluded that the company maintained access to critical infrastructure in the United States. This means that China's ambitions to move away from traditional cyberattacks to steal information and seize American infrastructure are rapidly increasing, with authorities especially considering a devastating attack as a prelude to an invasion of Taiwan. There are growing concerns that sabotage may be attempted.

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to US Critical Infrastructure | CISA
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

China-backed Volt Typhoon hackers have lurked inside US critical infrastructure for 'at least five years' | TechCrunch
https://techcrunch.com/2024/02/07/china-backed-volt-typhoon-hackers-have-lurked-inside-us-critical-infrastructure-for-at-least-five-years/

Chinese hackers have lurked in some US infrastructure systems for 'at least five years' | CNN Politics
https://edition.cnn.com/2024/02/07/politics/china-hacking-us-agencies-report/index.html

China hackers had access to some critical infrastructure for 'at least five years': US officials
https://www.axios.com/2024/02/07/china-volt-typhoon-critical-cyberattacks

The Bolt Typhoon threat first came to light in 2023 when Microsoft warned of espionage efforts targeting critical infrastructure. Since then, Bolt Typhoon has been confirmed to have compromised multiple critical infrastructures in the continental United States and overseas territories, including Guam, ranging from communications, energy, transportation, and water and wastewater systems.

Security officials warn that hackers connected to the Chinese government have attacked and shut down America's water, gas, and electricity systems, and are also targeting public utilities and transportation systems - GIGAZINE

A major feature of Bolt Typhoon is that it uses Living Off The Land (LOTL) techniques to evade detection and infiltrate critical infrastructure. This allows Bolt Typhoon to infect valid accounts and remain undetected for long periods of time.

In the report released today, the agency says, ``In fact, we have observed indications that Bolt Typhoon maintained access and a foothold within the target's IT environment for at least five years.'' We conduct extensive proactive reconnaissance to learn about the posture, adjust tactics, techniques, and procedures (TTPs) to the target environment, and continuously deploy resources over time to maintain sustainability.” said.

The joint statement, prepared by multiple U.S. authorities, names the so-called Five Eyes intelligence agencies of Australia, Canada, the United Kingdom and New Zealand as partners.

There is no indication yet that China has decided to use the Bolt Typhoon to disrupt American infrastructure, but officials are concerned that the situation could change quickly in the event of an emergency.

During a House Committee hearing on Chinese cyber threats, FBI Director Christopher Wray described the Bolt Typhoon as 'the defining threat of our generation' and said its purpose was to 'thwart our military's efforts' in the early stages of the war. 'It disrupts our ability to mobilize.' The remarks were made in light of the conflict over Taiwan, which China claims as its own territory.

At the end of January 2024, the U.S. government announced that it had successfully dismantled the Bolt Typhoon cyberattack botnet, but related agencies remain on alert as Bolt Typhoon has shown a willingness to seek new intrusion routes. called out.