The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a joint advisory on Wednesday that stated that the Chinese state-sponsored Volt Typhoon hacking group retains persistent access to numerous U.S. critical infrastructure organizations. CISA added that Volt Typhoon has remained in some IT environments for over five years without detection and is likely “pre-positioning” itself for disruptive capabilities in the event of future conflict. Mandiant’s John Hultquist explained that Volt Typhoon’s targeting of operational technology systems indicates their intentions to enact major shutdowns. For now, Volt Typhoon’s exposed activities have fallen within the realm of cyber espionage. CISA released this joint report the week after the US Justice Department dismantled a Volt Typhoon botnet that used outdated Cisco and Netgear routers for communication. CISA recommends critical infrastructure organizations keep all internet-facing systems updated, implement multi-factor authentication protocols, and store records for application, access, and security logs.

Read More:

https://www.securityweek.com/cisa-chinas-volt-typhoon-hackers-planning-critical-infrastructure-disruption/