Recent U.S. advisory warns of threats to critical infrastructure posed by Chinese cyber group


A cybersecurity advisory issued last month warns that “state sponsored actors” from the People’s Republic of China are compromising and maintaining persistent access to critical infrastructure in the United States, and several other nations

This article was originally released by our sister publication Broadband Communities

A February warning from three American agencies assesses that the Chinese government is sponsoring attempts to “pre-position themselves on IT networks” to have assets in place in case there is a conflict with the United States.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) released the Feb. 7 cybersecurity warning, which the advisory said was prompted by observations from U.S. agencies tasked with responding to incidents that compromised critical-infrastructure organizations.

The advisory claimed that a state-sponsored cyber group, known as Volt Typhoon, is preparing for “destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.”

According to the advisory, the agencies that have “confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations” include the U.S. Department of Energy, the U.S. Environmental Protection Agency, and the U.S. Transportation Security Administration, along with government cybersecurity agencies from Australia, Canada, the U.K., and New Zealand.

“The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in communications, energy, transportation systems, and water and wastewater systems sectors—in the continental and non-continental United States and its territories, including Guam,” the advisory read.

The advisory stated that American agencies “are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”

While the risk to Canada’s critical infrastructure may be lower, according to the advisory, the nation would likely still be affected due to cross-border integration should the critical infrastructure of the U.S. become disrupted. The assessment said risks are also present for critical infrastructure in Australia and New Zealand, which “could be vulnerable.”

According to the warning, Volt Typhoon relies on valid online accounts and strong operational security, which together can allow the group to maintain undiscovered persistence over the long term.

Volt Typhoon actors have maintained access within some victimized IT environments for lengthy periods, in some cases years, the advisory stated.

“Volt Typhoon actors conduct extensive pre-exploitation reconnaissance to learn about the target organization and its environment; tailor their tactics, techniques, and procedures to the victim’s environment; and dedicate ongoing resources to maintaining persistence and understanding the target environment over time, even after initial compromise.”

The advisory urged critical-infrastructure organizations to apply mitigations and hunt for malicious activity, which, if discovered, should be reported to a relevant agency.

Click here to read the full advisory about Volt Typhoon’s alleged activities.

Reach Broadband Communities Editor Brad Randall at
