Rising Threat of China’s Volt Typhoon

source: axios.com (contributed by FAN, Bill Amshey)  |  Image: pexels.com

Notorious China-linked hackers known for burrowing deep into U.S. infrastructure are back, according to a report out today.

Why it matters: The resurgence shows that the Chinese government isn’t backing down from its quest to infiltrate American utilities in preparation for a potential destructive cyberattack.

Zoom in: The research team at SecurityScorecard, a cyber risk assessment company, says it has noticed Volt Typhoon moving traffic through a set of compromised routers in New Caledonia, an island nation off the coast of Australia, as recently as September.

  • Global law enforcement disrupted a significant portion of Volt Typhoon’s botnet in January, but the group quickly set up new servers.
  • However, actual movement across these servers hadn’t been seen until September, according to the report.
  • Routing through New Caledonia gives the hackers a “silent bridge” to hide traffic moving between the Asia-Pacific region and the Americas, the report says.

The intrigue: “Unlike attackers who vanish when discovered, this adversary digs in even deeper when exposed,” Ryan Sherstobitoff, senior vice president of threat research at SecurityScorecard, wrote in a blog post.

Catch up quick: Federal officials warned Congress in late January that the Volt Typhoon campaign indicated China had a new willingness to shut down U.S. critical infrastructure and incite societal panic.

  • As part of its campaign, Volt Typhoon maintained access to some U.S. critical infrastructure for “at least five years,” according to the intelligence community.

The big picture: Volt Typhoon is just one of the ongoing Chinese hacking campaigns that U.S. officials are most concerned about.