FBI Director On China Hackers Volt Typhoon

FBI Director Warns of Chinese Volt Typhoon Hackers Targeting U.S. Critical Infrastructure

On 31 January 2024, FBI Director Christopher Wray warned that the threat posed by the Chinese hacking group known as Volt Typhoon, which is actively targeting US critical infrastructure, continues to grow. The group is assessed to be sponsored by the Chinese state; Microsoft has reported observing its activity since at least mid-2021, and it is believed to be continuing its attempts to compromise the computer systems and networks of US critical infrastructure sectors. Testifying that morning before the House Select Committee on the Chinese Communist Party, Wray stressed that, in his view, the US government and the private sector must accelerate their efforts to protect the nation’s critical assets.

What is Volt Typhoon?

Volt Typhoon is the name Microsoft assigned, under its weather-themed threat actor naming scheme, to an advanced persistent threat group with a high level of expertise that is assessed to be associated with the Chinese government. CrowdStrike, one of the most storied cybersecurity firms, tracks the same activity as VANGUARD PANDA. The group has demonstrated its ability to break into and maintain access to the networks of US government agencies and operators of critical infrastructure, including communications, utilities and transportation. Its focus on long-term, stealthy access distinguishes it from the intellectual property theft typical of many PRC espionage groups: Microsoft assessed with moderate confidence that the campaign is developing capabilities that could disrupt critical communications infrastructure during a future crisis.

Alongside Microsoft’s May 2023 report, the Cybersecurity and Infrastructure Security Agency (CISA), together with the NSA and the FBI, issued a joint advisory (AA23-144A) on the PRC-backed group’s living-off-the-land tradecraft: built-in Windows tools such as netsh, ntdsutil and wmic, driven through the command line rather than custom malware, so that the activity blends in with legitimate administration. Microsoft had observed Volt Typhoon’s activity since mid-2021 but, as the advisories show, attacks on US critical infrastructure and attention to them surged in 2023. Hackers from Russia, China, and Iran are all trying to inflict chaos and disruption on the US by attacking critical infrastructure.
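Because living-off-the-land activity uses tools that administrators also run, detection has to key on the specific invocations rather than on the binaries themselves. The following hunt script is an added example written for this article; it is not code from The SOC Labs, Microsoft or CISA. The three command patterns (a netsh portproxy pivot, an ntdsutil “ifm” dump of NTDS.dit, and wmic process creation) reflect tradecraft documented in the joint advisory; the rule names, the pipe-delimited log export format and every log line below are constructed for the example.

```python
"""Hunt for Volt Typhoon-style living-off-the-land command lines in a Windows
process-creation export. Added example for this article; not the page's,
Microsoft's or CISA's code. Log lines and the export format are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    user: str
    cmdline: str


# Rule names are this example's own. Each pattern targets the invocation, not the binary,
# because netsh/ntdsutil/wmic themselves are legitimate on every Windows host.
LOTL_RULES = {
    # netsh portproxy: forwards a listening port to an internal host, a cheap pivot
    "netsh_portproxy": re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
    # ntdsutil "ifm": creates install media containing NTDS.dit plus the SYSTEM hive
    "ntdsutil_ifm": re.compile(r"\bntdsutil\b.*\bifm\b", re.I),
    # wmic process call create: command execution through WMI, often for recon
    "wmic_process_create": re.compile(r"\bwmic\b.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I),
}

# Constructed sample export: time|host|user|parent_image|command_line
SAMPLE_LOG = """\
2024-01-31T08:12:01Z|DC01|CORP\\svc-backup|cmd.exe|ntdsutil "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\pro" q q
2024-01-31T08:15:44Z|FW-JUMP|CORP\\admin-j|cmd.exe|netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=9999 connectaddress=10.0.5.12 connectport=8443
2024-01-31T08:20:10Z|WS-117|CORP\\alice|explorer.exe|C:\\Program Files\\Mozilla Firefox\\firefox.exe
2024-01-31T08:21:33Z|DC01|CORP\\svc-backup|cmd.exe|wmic process call create "cmd.exe /c dir C:\\Users"
2024-01-31T08:25:00Z|WS-042|CORP\\bob|cmd.exe|ipconfig /all
"""


def parse_log(text):
    """Parse the pipe-delimited export into dicts; malformed rows are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 4)  # command line may itself contain '|', so split at most 4 times
        if len(parts) != 5:
            continue
        time, host, user, parent, cmdline = parts
        records.append({"time": time, "host": host, "user": user,
                        "parent": parent, "cmdline": cmdline})
    return records


def hunt(records, expected_portproxy_hosts=frozenset()):
    """Apply every rule to every record. Hosts where portproxy is documented admin
    practice are suppressed for that rule only; the other rules still fire there."""
    findings = []
    for rec in records:
        for name, rx in LOTL_RULES.items():
            if not rx.search(rec["cmdline"]):
                continue
            if name == "netsh_portproxy" and rec["host"] in expected_portproxy_hosts:
                continue
            findings.append(Finding(name, rec["host"], rec["user"], rec["cmdline"]))
    return findings


def summarize(findings):
    """Group rule hits per host so chains (credential dump plus pivot on one box) stand out."""
    by_host = {}
    for f in findings:
        by_host.setdefault(f.host, set()).add(f.rule)
    return {host: sorted(rules) for host, rules in by_host.items()}


if __name__ == "__main__":
    hits = hunt(parse_log(SAMPLE_LOG))
    for f in hits:
        print(f"[{f.rule}] {f.host} {f.user}: {f.cmdline}")
    print(summarize(hits))
```

Run against the constructed sample, the script flags DC01 for both an NTDS.dit dump and WMI-driven execution under the same service account, and FW-JUMP for a portproxy rule; the two benign rows produce nothing. The per-host suppression in `hunt` is the tuning point: a jump host with documented portproxy use should be allowlisted for that single rule rather than excluded from the hunt.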

[Figure: Volt Typhoon TTPs, as documented by Microsoft]

FBI and DOJ Take Down Volt Typhoon’s KV Botnet

The warning coincided with a court-authorized operation by the FBI and the Department of Justice (DOJ) against the KV botnet, the infrastructure Volt Typhoon used to conceal its activity. According to the DOJ press release, the botnet consisted of hundreds of US-based small office/home office (SOHO) routers, most of them Cisco and NetGear devices that had reached end-of-life status and no longer received security updates. People’s Republic of China (PRC) state-sponsored hackers infected these routers and routed their traffic through them, so that intrusions into US critical infrastructure appeared to originate from ordinary domestic addresses rather than from China. The operation deleted the KV botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communication with the devices used to control it.

Implications of FBI Director’s Latest Warning

The Director’s warning concerns the potential impact of a successful cyber attack by Chinese state-sponsored hackers: disruption of essential services such as power grids, oil and gas, water, transportation, healthcare, and communication networks. Intruders with that level of access could also steal sensitive data, leading to financial losses or reputational damage. The statement is a sharp reminder of what could happen if cyber defence remains reactive or complacent.

Warnings from the FBI Director and other senior security officials put the risk to the US and to the private sector at a serious level. The federal government can concentrate on strengthening cyber defences and preventing intrusions into critical infrastructure. In coordination with the owners and operators of critical infrastructure, it should develop best practices that improve the physical and cyber security and resilience of each sector. The private sector, for its part, must increase its own cyber investment to reduce time to detection and stop attackers before they reach their objectives.



Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The SOC Labs assumes no liability for the accuracy or consequences of using this information.

