Hackers backed by China are breaking into the networks of US companies so they are able to launch destructive cyber attacks against critical infrastructure in the event of a major crisis or conflict. In their attempts to gain access to systems the attackers are paying particular attention to network and IT staff who often hold the keys to the system.
The warning from the National Security Agency (NSA), FBI and the US Cybersecurity and Infrastructure Agency (CISA) is a remarkably detailed breakdown of how a Chinese state-backed group, known as Volt Typhoon, has compromised the networks of multiple critical infrastructure organizations across communications, energy, transportation systems, and water sectors.
The agencies said the hackers had maintained their access and footholds within some network for “at least” five years. Some victim companies are smaller organizations with few security skills, which provide critical services to larger organizations. According to the advisory, the Volt Typhoon group conducts extensive pre-compromise reconnaissance to learn about the target organization, its network, and its staff.
www.itpro.com
