CISA shares critical infrastructure defense tips against Chinese hackers

By Bleeping Computer

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group.

Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, CISA also issued defense tips on detecting and defending against Volt Typhoon attacks.

Last month, they also warned that Chinese hackers had breached multiple U.S. critical infrastructure organizations and maintained access to at least one of them for at least five years before being discovered.

Authorities have observed that the targets and tactics of the cyber espionage group Volt Typhoon differ from typical activities, suggesting the group's goal is to obtain access to Operational Technology (OT) assets within networks, which could be exploited to disrupt critical infrastructure.

U.S. authorities are concerned that this Chinese group may exploit such access to disrupt critical infrastructure during military conflicts or geopolitical tensions.

Today, CISA and partner U.S. government agencies (including the Department of Energy, the Environmental Protection Agency, the Transportation Security Administration, and the Department of Treasury) advised critical infrastructure leaders to empower their cybersecurity teams to make informed resourcing decisions, secure their supply chain, and ensure that performance management outcomes align with their organization’s cyber goals.

“Key best practices for your cybersecurity teams includes ensuring logging, including for access and security, is turned on for applications and systems and logs are stored in a central system. Robust logging is necessary for detecting and mitigating living off the land,” the joint guidance says.