Connect with us

Hi, what are you looking for?



Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon.

Chinese cyber threats

Government agencies in the US, UK, Canada, Australia, and New Zealand are warning critical infrastructure entities of the threat posed by Volt Typhoon, a Chinese state-sponsored group that hacked thousands of organizations worldwide.

Following a February CISA advisory on Volt Typhoon pre-positioning itself in critical infrastructure organizations’ networks for disruption or destruction purposes, the Five Eyes agencies are now providing guidance on how critical infrastructure entities can defend against the threat.

The advanced persistent threat (APT) actor successfully hacked US communications, energy, transportation systems, and water and wastewater organizations, the Five Eyes advisory (PDF) notes.

To defend against the risk associated with Volt Typhoon, leaders of critical infrastructure entities should empower cybersecurity teams to make informed resourcing decisions, including by using intelligence-informed prioritization tools, the agencies say.

They should also empower cybersecurity teams to effectively apply detection and hardening best practices, receive continuous cybersecurity training and skill development, and develop comprehensive information security plans.

“Volt Typhoon does not rely on malware to maintain access to networks and conduct their activity. Rather, they use built-in functions of a system. This technique, known as ‘living off the land,’ enables them to easily evade detection. To protect against living off the land, organizations need a comprehensive and multifaceted approach,” the advisory reads.

Smaller organizations that do not have a cybersecurity team should obtain managed security services, the Five Eyes agencies say.

Organizations are also advised to secure their supply chain by establishing strong vendor risk management processes, ensuring due diligence is exercised for procurement, ensuring vendors enable interoperability as a best practice, and identifying and limiting the use of products that break the principle of least privilege.

Advertisement. Scroll to continue reading.

The guidance also recommends implementing incident response plans and reviewing and updating them regularly, and immediately reporting incidents to one of the authoring agencies.

Critical infrastructure organization leaders are urged to read the guidance and apply the recommendations to defend against Volt Typhoon and similar threats.

Related: US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

Related: China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments

Related: Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.


Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...


US National Cybersecurity Strategy pushes regulation, aggressive 'hack-back' operations.