A recent report from Microsoft and the National Security Agency reveals a targeted cyberattack by a Chinese hacking group on critical infrastructure organizations in the United States. The attack was carried out by a state-sponsored group known for espionage and information gathering.
Who is this hacker group targeting?
The hacker group, known as Volt Typhoon, is believed to be behind a mysterious computer code that was discovered in telecommunications systems across the United States, including Guam.
The presence of this code is concerning due to Guam’s strategic importance in potential military responses to a Taiwan invasion or blockade, given its Pacific ports and significant American air base. The code, referred to as a “web shell,” is a malicious script that grants unauthorized remote access to a server.
Other organizations believed to be affected span various sectors, including information technology, education, communications, maritime, government, manufacturing, utilities, transportation and construction. The hacking group’s behavior suggests a focus on long-term access and espionage, with an aim to remain undetected within target networks.
Volt Typhoon’s stealthy tactics
Volt Typhoon achieves initial access to their targeted organizations through Fortinet FortiGuard devices. These devices are designed to help protect organizations from cyber threats. However, in this case, the hackers find weaknesses or loopholes in the FortiGuard devices that allow them to break in.
They try to mask their activity by sending data traffic through small business and home office network hardware they control, such as firewalls, routers and VPN hardware. They also rely on resources already within their operating systems. Once they have gained this initial access, the hackers can then proceed to carry out further malicious activities within the targeted organizations.
What damage could this all cause?
Volt Typhoon could use their tactics to damage infrastructure plans for the U.S., or it could be part of a larger plan that China is brewing that is connected to the spy balloon that floated across American nuclear sites in late January and early February of this year.
The biggest security concern is for Anderson Air Force Base in Guam. If that gets attacked, it could reveal some much-needed answers to China for a desired attack on Taiwan. Plus, it is a major hub for many of our country’s ships stationed in the Pacific Ocean. Because of these threats, the Biden administration says it will be stepping in to help protect its infrastructure with new security requirement plans.
Following Microsoft’s report, China has vehemently denied the allegations.
What steps can I take at home?
It is worth mentioning that Microsoft did make a statement about how people can protect themselves by saying, “Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments.”
Although this is likely to help prevent attacks on a much larger scale than individual’s devices, it is a good reminder to take the proper precautionary steps for yourself to protect your data and privacy.
Enable two-factor authentication
Whenever possible, enable two-factor authentication for your accounts and devices. This adds an extra layer of security by requiring a secondary verification method, such as a unique code sent to your mobile device in addition to your password.
Keep your software up to date
Regularly update your operating system, web browsers and other software on your device. These updates often include security patches that address vulnerabilities and protect against known threats.
Watch out for phishing emails and texts
If you get an email or a text message asking you to click a link either to view or verify your information, don’t fall for it. Hackers use this technique all the time to try to fool people. They’ll even pretend to be a real high-ranking official from the IRS or some other government organization to try to scare you into falling for their schemes.
Have good antivirus software on all your devices
Having antivirus software running on your devices will make sure you are stopped from clicking on any malicious links or from downloading any files that will release malware into your device and potentially have your private information stolen. The software will also remove any existing malware from your devices.
See my expert review of the best antivirus protection for your Windows, Mac, Android, and iOS devices by visiting CyberGuy.com/LockUpYourTech.
Use strong and unique passwords
Create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. It will help you to create unique and difficult-to-crack passwords that a hacker could never guess. Second, it also keeps track of all your passwords in one place and fills passwords in for you when you’re logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.
What qualities should I look for in a password manager?
When it comes to choosing the best password manager for you, here are some of my top tips.
- Deploys secure
- Works seamlessly across all of your devices
- Creates unique complicated passwords that are different for every account
- Automatically populates login and password fields for apps and sites you revisit
- Has a browser extension for all browsers you use to automatically insert passwords for you
- Allows a failsafe in case the primary password is ever lost or forgotten
- Checks that your existing passwords remain safe and alerts you if ever compromised
- Uses two-factor authentication security.
Check out my best expert-reviewed password managers of 2023 by heading to CyberGuy.com/Passwords.
Use a VPN
Consider using a VPN to protect against being tracked and to identify your potential location on websites that you visit. Many sites can read your IP address and, depending on their privacy settings, may display the city from which you are corresponding. A VPN will disguise your IP address to show an alternate location.
For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices by visiting CyberGuy.com/VPN.
Kurt’s key takeaways
This latest news about the Chinese hacking group called Volt Typhoon is troubling. They are targeting critical infrastructure organizations in the U.S. with stealthy tactics to conduct espionage activities. There are concerns about potential damage to infrastructure plans and national security. The Biden administration plans to implement new security requirements to protect U.S. infrastructure. This is a good reminder to do what you can to protect your data and privacy. I recommend you install antivirus software, use a password manager, and consider using a VPN to protect against potential cyber threats.
How concerned are you for the safety of our infrastructure now that you know about Volt Typhoon and its malicious plans? How ready is your own technology to fend off an attack? Let us know by writing us at CyberGuy.com/Contact.
For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to CyberGuy.com/Newsletter.
Copyright 2023 CyberGuy.com. All rights reserved.