US authorities have expressed concern about the activities of the Chinese hacking group Volt Typhoon, warning owners and operators of critical infrastructure that they need to defend against potentially destructive cyberattacks.
The new advisory, released by CISA, the NSA, the FBI and 8 other international partners, is aimed at senior executives without a technical background and gives them concrete guidance.
The advisory encourages organizations to use intelligence-informed prioritization tools such as the Cross-Sector Cybersecurity Performance Goals (CPGs) or the recommendations of their Sector Risk Management Agency (SRMA).
It also stresses adherence to cybersecurity best practices, including enabling logging on all applications and systems and centralizing log storage. Centralized logs help security teams spot Living Off the Land (LOTL) tactics, in which attackers use legitimate administrative tools and software to evade detection.
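To illustrate why the advisory pairs "enable logging everywhere" with "centralize it", here is a small detection script written for this article; it is not code from the advisory or from any of the agencies involved. It runs over constructed process-creation events from several hosts and flags two LOTL patterns: a legitimate admin tool run by an account not expected to administer systems, and one account running admin tools on several hosts within a short window, a pattern that is invisible when each host's log is read in isolation. The field layout, the list of admin tools and the expected-admin accounts are all assumptions that a real deployment would tune to its own environment.

```python
"""Toy LOTL detector over centralized process-creation logs.

All events below are constructed for this example; the pipe-delimited
field layout (time|host|user|parent|image) is an assumption, not a real
log format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Legitimate administrative binaries commonly abused in LOTL activity.
# Assumption: illustrative list, tune it to your environment.
ADMIN_TOOLS = {"wmic.exe", "netsh.exe", "ntdsutil.exe",
               "powershell.exe", "psexec.exe", "reg.exe"}

# Accounts that are expected to run those tools (constructed).
EXPECTED_ADMINS = {"CORP\\svc_patch", "CORP\\it_admin"}

# Constructed sample events from four different hosts.
SAMPLE_LOGS = """
2024-03-01T09:00:12Z|ws-101|CORP\\jdoe|explorer.exe|outlook.exe
2024-03-01T09:01:40Z|ws-101|CORP\\jdoe|cmd.exe|netsh.exe
2024-03-01T09:02:05Z|ws-117|CORP\\jdoe|cmd.exe|wmic.exe
2024-03-01T09:03:30Z|fs-02|CORP\\jdoe|cmd.exe|ntdsutil.exe
2024-03-01T10:15:00Z|dc-01|CORP\\it_admin|cmd.exe|ntdsutil.exe
2024-03-01T13:00:00Z|ws-205|CORP\\asmith|explorer.exe|powershell.exe
""".strip()


def parse_events(text):
    """Parse pipe-delimited lines into event dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, user, parent, image = line.split("|")
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host,
            "user": user,
            "parent": parent.lower(),
            "image": image.lower(),
        })
    return events


def admin_tool_events(events):
    """Only the events where a legitimate admin tool was launched."""
    return [e for e in events if e["image"] in ADMIN_TOOLS]


def unexpected_admin_tool_use(events):
    """Admin tool executed by an account that is not expected to administer systems."""
    return [e for e in admin_tool_events(events) if e["user"] not in EXPECTED_ADMINS]


def cross_host_spread(events, window=timedelta(minutes=10), min_hosts=3):
    """Same account running admin tools on >= min_hosts distinct hosts within `window`.

    This correlation only works once logs from every host sit in one store,
    which is the point the advisory makes about centralizing log storage.
    """
    by_user = defaultdict(list)
    for e in admin_tool_events(events):
        by_user[e["user"]].append(e)

    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for i, start in enumerate(evs):
            # Sliding window anchored at each event in turn.
            hosts = {e["host"] for e in evs[i:]
                     if e["time"] - start["time"] <= window}
            if len(hosts) >= min_hosts:
                findings[user] = sorted(hosts)
                break
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for e in unexpected_admin_tool_use(evs):
        print(f"[unexpected] {e['time']:%H:%M:%S} {e['host']} {e['user']} ran {e['image']}")
    for user, hosts in cross_host_spread(evs).items():
        print(f"[spread] {user} ran admin tools on {len(hosts)} hosts: {', '.join(hosts)}")
```

In the constructed data the account `CORP\jdoe` touches three hosts with three different admin tools inside two minutes; any single host would show just one ordinary-looking command, and only the merged view makes the pattern stand out.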
Organizations are also advised to develop an incident response plan and conduct regular training exercises so that each employee knows their role and procedure in the event of an attack.
The advisory also underscores the importance of securing the supply chain and running risk management processes for suppliers, including strict adherence to security standards and managing Foreign Ownership, Control, or Influence (FOCI) risk, for example by checking suppliers against lists such as the Entity List.
This is not the first warning to address Volt Typhoon. In February, US authorities revealed that the group had been inside some critical infrastructure networks for at least 5 years. The hackers' activity did not match traditional cyber espionage and data collection goals, which points to possible preparation for sabotage.