No menu items!
EletiofeThe NSA Seems Pretty Stressed About the Threat of...

The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure

-

- Advertisment -

The United States National Security Agency is often tight-lipped about its work and intelligence. But at the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency’s Cybersecurity Collaboration Center had a “call to action” for the cybersecurity community: Beware the threat of Chinese government-backed hackers embedding in US critical infrastructure.

Alongside its “Five Eyes” intelligence alliance counterparts, the NSA has been warning since May that a Beijing-sponsored group known as Volt Typhoon has been targeting critical infrastructure networks, including power grids, as part of its activity.

Officials emphasized on Thursday that network administrators and security teams need to be on the lookout for suspicious activity in which hackers manipulate and misuse legitimate tools rather than malware—an approach known as “living off the land”—to carry out clandestine operations. They added that the Chinese government also develops novel intrusion techniques and malware, thanks to a substantial stockpile of zero-day vulnerabilities that hackers can weaponize and exploit. Beijing collects these bugs through its own research, as well as a law that requires vulnerability disclosure.

The People’s Republic of China “works to gain unauthorized access to systems and wait for the best time to exploit these networks,” Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center, said on Thursday. “The threat is extremely sophisticated and pervasive. It is not easy to find. It is pre-positioning with intent to quietly burrow into critical networks for the long haul. The fact that these actors are in critical infrastructure is unacceptable, and it is something that we are taking very seriously—something that we are concerned about.”

Microsoft’s Mark Parsons and Judy Ng gave an update on Volt Typhoon’s activity later in the day at Cyberwarcon. They noted that after seemingly becoming dormant in the spring and most of the summer, the group reappeared in August with improved operational security to make its activity more difficult to track. Volt Typhoon has continued attacking universities and US Army Reserve Officers’ Training Corps programs—a type of victim the group particularly favors—but it has also been observed targeting additional US utility companies.

“We think Volt Typhoon is doing this for espionage-related activity, but in addition, we think there’s an element that they could use it for destruction or disruption in a time of need,” Microsoft’s Ng said on Thursday.

The NSA’s Adamski and Josh Zaritsky, chief operations officer of the Cybersecurity Collaboration Center, urged network defenders to manage and audit their system logs for anomalous activity and store logs such that they can’t be deleted by an attacker who gains system access and is looking to hide their tracks.

The two also emphasized best practices, like two-factor authentication and limiting users’ and admins’ system privileges to minimize the possibility that attackers can compromise and exploit accounts in the first place. And they emphasized that not only is it necessary to patch software vulnerabilities, it is crucial to then go back and check logs and records to make sure that there aren’t signs that the bug was exploited before it was patched.

“We are going to need internet service providers, cloud providers, endpoint companies, cybersecurity companies, device manufacturers, everybody in this fight together. And this is a fight for our US critical infrastructure,” Adamski said. “The products, the services that we rely on, everything that matters—that’s why this is important.”

Latest news

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but right before the Nintendo Switch launched in 2017, it seemed...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita Williams will return to Earth next February aboard SpaceX’s Dragon...

How to Switch From iPhone to Android (2024)

Ignore the arguments about which is better, because iPhones and Android phones have far more in common than some...

12 Best Tablets (2024): iPads, Androids, and More Tested and Compared

Tablets often don't come with kickstands or enough ports, so it's a good idea to snag a few accessories...
- Advertisement -

Will the ‘Car-Free’ Los Angeles Olympics Work?

THIS ARTICLE IS republished from The Conversation under a Creative Commons license.With the Olympic torch extinguished in Paris, all...

Lionel Messi will return before MLS playoffs, says Inter Miami coach Tata Martino

Inter Miami head coach Tata Martino said on Friday that Lionel Messi will return to the team's lineup before...

Must read

7 Best Handheld Gaming Consoles (2024): Switch, Steam Deck, and More

It feels like a distant memory by now, but...

The Boeing Starliner Astronauts Will Come Home on SpaceX’s Dragon Next Year

NASA has announced that astronauts Barry Wilmore and Sunita...
- Advertisement -

You might also likeRELATED
Recommended to you