Cyber ​​attacks linked to the People’s Republic of China and its spy agencies are a growing threat, analysts say. A growing concern is China’s state-sponsored hacking gang Volt Typhoon. The cyber espionage gang’s activities have led the global intelligence alliance known as the Five Eyes, which includes Australia, Canada, New Zealand, the United Kingdom and the United States, to issue two warnings, one month apart in the first quarter of 2024. In order to do this, the main owners of the infrastructure are stressed. and operators worldwide to protect their facilities.

“The goal is clear: to affect the critical infrastructure of all countries,” said Erich Zisek, a Chilean consultant and cybersecurity expert. Dialogue On May 8. “In our region, it will affect the production of energy, water, public services, telecommunications, and all services that can affect not only companies but also the population.”

Volt Typhoon Works under many names. Also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. A Microsoft report indicates that this malicious actor typically focuses on espionage and information gathering.

Volt Typhoon uses malicious software to infiltrate the Internet, exploiting vulnerabilities such as weak passwords, factory default logins and devices that are not regularly updated. This program controls vulnerable Internet devices such as routers and security cameras. It hides and establishes a beachhead before using the system to launch future attacks.

As security analysts publicly identified in May 2023, Volt Typhoon has compromised thousands of devices worldwide, though the group is likely to have compromised infrastructure by mid-2021 and possibly much earlier. was targeted. “Microsoft estimates with moderate confidence that this Volt Typhoon campaign is seeking to develop capabilities that could affect critical communications infrastructure between the United States and the Asian region during future crises.”

Zschaeck added that many critical infrastructures in the hemisphere depend on connections and infrastructure in the Gulfs or the Panama Canal, which are the only countries that open doors to the world.

While China recognizes Volt Typhoon as a cybercrime organization, it denies the country’s involvement and says it is “an international ransomware group”.

Faced with the growing threat of cyber attacks, the United States is promoting cybersecurity and cyber defense training for its partners. The training is frequently incorporated into key exercises, such as those conducted by the US Southern Command (SOUTHCOM) with Latin American and Caribbean security forces.

In late April, a delegation from US Cyber ​​Command (CYBERCOM), America’s first line of defense against cyberattacks, visited the Inter-American Defense Board (IADB) in Washington, DC, to discuss the board’s cyber defense program. and to explore opportunities for collaboration. . The visit underscores the board’s commitment to international cooperation and the key role of cybercomm in the global cyber arena, the IADB indicated on April 29.

Examples of ongoing cooperation include the multinational military exercise CENTAM Guardian 2024 in Honduras, April 1-12, where participants demonstrated the use of digital tools to acquire information, detect, manage and counter cyber threats. Participated in many modules dedicated to cyber attacks to complete. or promoting cyber attacks. During the exercise, cybersecurity experts from the Arkansas Air National Guard and SOUTHCOM’s 189th Airlift Wing trained military members from El Salvador, Guatemala and Honduras.

In July 2023, participants in SOUTHCOM-sponsored Tradewinds, a joint, joint Caribbean-focused training exercise designed to strengthen partnerships and interoperability, held in this iteration in Georgetown, Guyana, on cybersecurity. Included in the ingredients. In the 2024 version held May 4-16 in Barbados, participants were also exposed to various cyber security exercises. Airspace magazine reported.

“One key point that makes the U.S. military much more resilient to cyberattacks than countries in our region is not their weapons capability, but their intelligence capability,” Zschaeck said. “Some countries in Latin America are better prepared than others. The problem is that we do not implement security in everything we do, because it means a price that not all organizations and countries are willing to accept. are

“For cybersecurity professionals and society in general, attacks like Volt-Typhoon can present a huge geopolitical threat to cybersecurity,” said Richard Forno, professor of computer science and electrical engineering at the University of Maryland. ” Infobae. “They are a reminder to everyone of what’s going on in the world, and to consider how current events can affect the privacy, integrity, and availability of everything digital.”

“Volt Typhoon won’t be the first and it won’t be the last. It’s going to be a lot more complicated in the next few years, not just from China, because Russia will launch attacks on this scale,” Zschaeck concluded. “We have to be flexible and be able to protect ourselves technologically, because the attacks are coming. That’s what the scenario looks like.”

Source link