CISA, NSA, FBI and Five Eyes Issue New Alert on Chinese APT Volt Typhoon 

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and their international partners from the Five Eyes alliance have issued a new advisory concerning the activities of the Chinese state-sponsored hacking group known as Volt Typhoon. This group has been implicated in a series of cyberattacks targeting critical infrastructure sectors within the U.S., including communications, energy, transportation systems, and water and wastewater organizations. Read on to get the details.  

Tell me more about the Chinese APT Volt Typhoon advisory 

The advisory indicates that Volt Typhoon’s operations diverge from conventional cyber espionage or intelligence-gathering activities. Instead, the group’s focus appears to be on gaining access to operational technology (OT) assets, potentially laying the groundwork for disruptive or destructive cyberattacks against critical infrastructure. This shift in tactics suggests a strategic pre-positioning that could be exploited in the event of geopolitical tensions or conflicts, posing a significant threat to national security.  

What is Nuspire doing?  

In response to this threat, Nuspire is taking proactive measures to safeguard client environments against potential Volt Typhoon intrusions. This includes the timely application of security patches in alignment with vendor recommendations and conducting thorough threat hunting activities to detect any signs of compromise.  

What should I do to safeguard against the Volt Typhoon threat?  

Owners and operators of critical infrastructure are strongly encouraged to heed the recommendations outlined in the Five Eyes advisory. Key defensive actions include: 

  • Empowering cybersecurity teams to make informed decisions on resource allocation and threat prioritization, utilizing intelligence-informed tools. 
  • Strengthening supply chain security through robust vendor risk management processes, ensuring due diligence in procurement, and advocating for interoperability and the principle of least privilege in vendor products. 
  • Vigilantly monitoring for vulnerabilities within the technology stack, prioritizing patches based on criticality, and applying them promptly. 
  • Developing and maintaining comprehensive incident response plans, regularly reviewing and updating them, and promptly reporting any incidents to the relevant authoring agencies. 
  • For smaller organizations lacking dedicated cybersecurity teams, it is advisable to seek out managed security services to bolster defenses against this and similar threats. 

By following these guidelines, critical infrastructure entities can enhance their resilience against the Volt Typhoon threat and contribute to the broader effort to protect national security. 

Have you registered for our next event?