Meet the Chinese 'Typhoon' hackers preparing for war
Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers
Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which top U.S. officials have described as an “epoch-defining threat.”
Volt Typhoon: A Sophisticated Hacking Group
Volt Typhoon is a Chinese government-backed hacking group that has been identified as a significant threat to national security. According to Microsoft, Volt Typhoon has been targeting and compromising network equipment, such as routers, firewalls, and VPNs, since mid-2021 as part of an ongoing and concerted effort to infiltrate deeper into U.S. critical infrastructure.
The group's tactics, techniques, and procedures (TTPs) are built around "living off the land": rather than deploying custom malware, Volt Typhoon uses the built-in administrative tools and valid credentials already present on a compromised network, so its activity blends in with routine administration and is hard to spot with signature-based defenses. For initial access it has exploited vulnerabilities in internet-facing network appliances, the same routers, firewalls, and VPNs it targets.
In January, the U.S. government disrupted a botnet of hijacked small-office and home-office routers that Volt Typhoon used to relay its traffic and conceal its activity against U.S. critical infrastructure. The operation removed the malware from the hijacked routers, but the underlying end-of-life devices remain exposed, and the group is likely to rebuild on fresh infrastructure and adapt to evade detection.
Flax Typhoon: A Cybersecurity Company with a Dark Secret
Flax Typhoon is a Chinese government-backed hacking group that has operated under the guise of a publicly traded cybersecurity company based in Beijing. The company, Integrity Technology Group, has publicly acknowledged its connections to China's government.
According to Microsoft, Flax Typhoon has been active since mid-2021, predominantly targeting "government agencies and education, critical manufacturing, and information technology organizations in Taiwan." The group has also been known to attack multiple U.S. and foreign corporations.
Flax Typhoon's tradecraft resembles Volt Typhoon's: it exploits known vulnerabilities in public-facing servers to get in, then relies on the system's own tools rather than custom malware, keeping its footprint small and its activity hard to distinguish from legitimate use. In September, the U.S. government said it had taken control of another botnet, used by Flax Typhoon, which leveraged a custom variant of the infamous Mirai malware to hijack internet-connected devices.
Salt Typhoon: A Sophisticated Group with Access to Wiretap Systems
Salt Typhoon is a Chinese government-backed hacking group that has been identified as one of the most sophisticated groups operating in the wild. In October, the group was believed to have compromised the wiretap systems of several U.S. telecom and Internet providers, including AT&T, Lumen (formerly CenturyLink), and Verizon.
According to reports, Salt Typhoon may have gained access to these organizations through compromised Cisco routers. The U.S. government is said to be in the early stages of its investigation, but the breach could be "potentially catastrophic" if it reached the systems that house the U.S. government's lawful-intercept requests, including the identities of Chinese targets of U.S. surveillance.
Little has been disclosed publicly about how Salt Typhoon operated once inside these networks. What sets the intrusion apart is the data at stake: wiretap systems record whom U.S. authorities are monitoring, so access to them would reveal not only intercepted communications but which Chinese targets are under surveillance, intelligence the group is likely to exploit against U.S. interests.
The Threat from Chinese Government-Backed Hackers
The threat from Chinese government-backed hackers is a serious one, and it's likely that we will see more attacks in the future. The groups mentioned above are just a few examples of the many hacking groups operating in the wild, and they are all backed by the Chinese government.
The Chinese government's support for hacking groups is a significant concern, as it gives these groups the resources and expertise they need to operate effectively. The government's support also sends a message to other countries that it is willing to use cyber warfare as a tool of statecraft.
What Can Be Done to Counter the Threat
To counter the threat from Chinese government-backed hackers, the U.S. government must take a number of steps. These include:
Overall, the threat from Chinese government-backed hackers is a serious one, and it requires a comprehensive and coordinated response from the U.S. government and other countries.