State-led cyber incursions pose a credit risk threat to U.S. critical infrastructure, according to Moody's assessment
In a recent development, an all-points bulletin has been issued about the state-linked threat actor, Volt Typhoon. This actor, believed to be connected to China, has been targeting critical infrastructure providers, including those in the communications, utilities, energy, and transportation sectors.
The malicious activities of Volt Typhoon are designed to avoid detection over long periods of time using living-off-the-land techniques. These tactics rely on native tools that are less likely to generate alerts in well-monitored networks, which makes the activity stealthier.
One of the methods Volt Typhoon has been employing is the use of compromised small and home office devices to potentially disrupt communications with Asia. Rising geopolitical tensions with China might be associated with this potential disruption.
The threat of cyber and physical attacks targeting physical infrastructure is not new. Moody's has identified certain regulated utilities, including gas and electric utilities, water, and not-for-profit hospitals, as facing very high risk due to malicious cyber activity. The malicious activity exposes critical infrastructure providers to unauthorized use and could lead to reduced revenue and financial liquidity during an attack.
In response to these threats, the United States is cooperating primarily with the FBI and cybersecurity experts at the national level to combat state-supported cyberattacks on critical infrastructure providers. This cooperation is part of a broader effort involving over 80 countries, as evidenced by the joint advisory issued by the Five Eyes and U.S. authorities after Microsoft researchers disclosed the attacks.
Ensuring a secure and reliable bulk power system is the top priority, according to the North American Electric Reliability Corporation and the Electricity Information Sharing and Analysis Center. Microsoft officials declined to comment on the situation.
Undetected actors of this kind could pose a more direct threat by disrupting access to necessary services. The vulnerability of critical infrastructure providers is noted as a potential concern for these sectors.
Volt Typhoon has also been abusing Fortinet FortiGuard devices, which underscores the need for robust cybersecurity measures across all levels of an organization's IT infrastructure.
No additional activity has been confirmed since the initial advisory was released. However, ongoing vigilance and collaboration among nations, industries, and cybersecurity experts are crucial in combating these sophisticated threats and safeguarding critical infrastructure.