NSA Issues Warning: Chinese Hackers Pose Ongoing Threat to US Critical Infrastructure
The United States National Security Agency (NSA) has issued a warning about the persistent threat of Chinese government-backed hackers infiltrating US critical infrastructure.
At the Cyberwarcon security conference, NSA officials, including Morgan Adamski, director of the NSA’s Cybersecurity Collaboration Center, urged the cybersecurity community to be vigilant against Beijing-sponsored groups like Volt Typhoon. This Chinese group has been targeting critical infrastructure networks, including power grids, according to warnings issued since May.
The NSA highlighted the sophistication of the threat, emphasizing the use of “living off the land” techniques, in which intruders drive the administrative tools and scripting already present on the target (remote management, network configuration and directory utilities) instead of dropping malware, so their activity blends in with routine administration and leaves few of the artifacts that antivirus tooling looks for. Chinese operators also draw on a substantial stockpile of zero-day vulnerabilities for initial intrusion, accumulated through their own research and through Chinese regulations that require vendors and researchers to report newly discovered vulnerabilities to the government. Adamski noted that China seeks unauthorized access to systems in order to pre-position itself quietly inside critical networks for long-term use. In her framing, the threat is pervasive, sophisticated, and pre-positioned with intent.
Microsoft’s Mark Parsons and Judy Ng provided updates on Volt Typhoon’s activity, noting a resurgence in August with improved operational security after the group went quiet over the spring and summer. In that new wave it targeted not only universities and US Army Reserve Officers’ Training Corps programs but also additional US utility companies. While the primary motive is suspected to be espionage, there is concern that the same access could be used for destruction or disruption during a crisis.
The NSA urged network defenders to collect and audit system logs for anomalous activity, enforce multi-factor authentication, and restrict privileges to the minimum each account needs, all of which make living-off-the-land activity easier to spot and harder to carry out. It stressed that patching a vulnerability is not enough on its own: defenders should also review logs from the period before the patch was applied, since a fix closes the entry point but does not evict an intruder who already came through it. Collaboration among internet service providers, cloud providers, cybersecurity companies, and device manufacturers is crucial to defending US critical infrastructure.
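To make the two log-review points concrete, here is an added example (not code from the NSA briefing, Microsoft, or any vendor tool) that scans constructed process-creation log lines for living-off-the-land command patterns and then checks each hit against the time the host was patched, so that activity from the pre-patch window is singled out for incident review rather than assumed to be closed by the fix. The log format, hostnames, users, command lines, patch times, and the small rule set (built-in Windows tools such as netsh port proxies, ntdsutil, wmic and PowerShell with encoded or bypass arguments) are all assumptions chosen for illustration; a real deployment would tune the rules to its own baseline.

```python
"""
Added example: flag living-off-the-land (LOTL) command lines in
process-creation logs and mark hits that occurred while the host was
still unpatched. Every log line, host, user and patch time is constructed.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log: "timestamp|host|user|parent process|command line".
SAMPLE_LOG = """\
2023-08-01T03:12:44Z|dc01|CORP\\svc-backup|services.exe|wmic process list brief
2023-08-01T03:14:02Z|dc01|CORP\\svc-backup|cmd.exe|netsh interface portproxy add v4tov4 listenport=9443 connectaddress=10.0.0.5 connectport=443
2023-08-01T03:15:10Z|dc01|CORP\\svc-backup|cmd.exe|ntdsutil "ac i ntds" ifm "create full C:\\temp\\out" q q
2023-08-02T09:00:00Z|ws17|CORP\\alice|explorer.exe|winword.exe /n
2023-08-03T11:30:00Z|ws17|CORP\\alice|explorer.exe|powershell.exe -ep bypass -enc QUFBQQ==
"""

# Constructed patch timestamps: when the relevant fix landed on each host.
PATCH_APPLIED = {
    "dc01": "2023-08-02T12:00:00Z",
    "ws17": "2023-08-02T12:00:00Z",
}

# Illustrative rule set: each pairs a legitimate built-in binary with an
# argument pattern that is rare in routine administration. Regexes are
# applied to the lower-cased command line.
LOTL_RULES = [
    ("portproxy_tunnel", re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b")),
    ("ntds_dump", re.compile(r"\bntdsutil\b.*\bifm\b")),
    ("wmic_recon", re.compile(r"\bwmic\b.*\bprocess\b")),
    ("ps_encoded_or_bypass",
     re.compile(r"\bpowershell(\.exe)?\b.*(-enc\w*\b|-ep\s+bypass|-executionpolicy\s+bypass)")),
]


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    user: str
    parent: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    rule: str
    event: Event
    while_unpatched: bool  # True if the hit predates the host's patch (or no patch is recorded)


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line: str) -> Event:
    ts, host, user, parent, cmdline = line.split("|", 4)
    return Event(parse_ts(ts), host, user, parent, cmdline)


def scan(log_text: str, patch_applied: dict) -> list:
    """Return one Finding per (event, matching rule), in log order."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        patch_ts = patch_applied.get(ev.host)
        # A host with no recorded patch is treated as still exposed.
        unpatched = patch_ts is None or ev.ts < parse_ts(patch_ts)
        for name, rx in LOTL_RULES:
            if rx.search(ev.cmdline.lower()):
                findings.append(Finding(name, ev, unpatched))
    return findings


def hosts_needing_review(findings: list) -> dict:
    """Hosts where LOTL activity occurred while still unpatched. Patching
    alone does not evict an intruder who was already inside, so these
    need incident review, not just a patch-compliance tick."""
    out = {}
    for f in findings:
        if f.while_unpatched:
            out.setdefault(f.event.host, []).append(f.rule)
    return out


if __name__ == "__main__":
    results = scan(SAMPLE_LOG, PATCH_APPLIED)
    for f in results:
        flag = "UNPATCHED-AT-TIME" if f.while_unpatched else "post-patch"
        print(f"{f.event.ts.isoformat()} {f.event.host} {f.event.user} {f.rule} [{flag}]")
    print("hosts needing review:", hosts_needing_review(results))
```

Run as-is, the scan flags the three dc01 commands from before that host's patch time and the encoded PowerShell on ws17 from after its patch; only dc01 is returned by hosts_needing_review. The ordinary Word launch is not flagged, which is the point of keying rules on argument patterns rather than on binary names alone.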
In summary, the NSA, alongside its “Five Eyes” intelligence allies, warns of the sophisticated and pervasive threat from Chinese-backed hackers, particularly Volt Typhoon, targeting critical US infrastructure. Heightened cybersecurity measures, including vigilance, best practices, and collaboration across industries, are crucial to safeguarding against potential exploitation and disruption.