June 22, 2024
PI Global Investments

Volt Typhoon: Taking US Infrastructure by Storm

Volt Typhoon, a state-sponsored cyber group originating from the People’s Republic of China, targets US critical infrastructure. Cybersecurity units in various agencies (CISA, FBI, NCSC-UK and ACSC) report that the group employs advanced tactics. These include exploiting network vulnerabilities, leveraging known and zero-day exploits for initial access, using legitimate admin tools (living-off-the-land, or LOTL, techniques), and extracting Active Directory databases. Recent FBI disclosures reveal Volt Typhoon penetration of the US telecommunications, energy and water sectors, signalling potential disruptions. Additionally, FBI Director Christopher Wray warns of a “devastating blow” to national security, noting that 23 pipeline operators were targeted. Despite China denying government interference, private-sector cybersecurity experts like Microsoft and Google support suspicions of state-sponsored cyber aggression.

Key Judgement 1. Volt Typhoon’s use of advanced tactics will increase the frequency and sophistication of future cyber attacks on US critical infrastructure.

Key Judgement 2. It is highly likely that Volt Typhoon’s infiltration of critical sectors like telecommunications will allow the group to collect critical information that has implications for US national security.

Key Judgement 3. The US inter-agency response from cybersecurity teams will likely lead to stronger cybersecurity measures against state-sponsored groups.

