🐡 Volt Typhoon targets Guam critical infrastructure

Microsoft uncovers state-sponsored cyber espionage campaign

Hafa adai Net Defenders 🛡️

estimated read time: 5 minutes

Welcome back to the weekly adahi.tech newsletter: the cyber typhoon shutters for the windows of your business!

What a storm! I hope you and your loved ones are safe, and I wish the island a swift recovery. While Super Typhoon Mawar made its way through Guam, another kind of storm, a cyber storm, has been lurking. Microsoft announced that Guam has been a target for cyber espionage by an alleged hacker group named Volt Typhoon. What a name - the name and the timing are surreal. Here’s what we have this week:

⚡️ Volt Typhoon: The shocking unseen storm targeting Guam as announced by Microsoft Threat Intelligence.

🚨 Why Guam, and which organizations and agencies were targeted?

💪 What do we do? Post-Mawar resiliency as a model for our island’s security

It is alleged that this group is state-sponsored by the People’s Republic of China. They have been quietly operating since mid-2021, specializing in intelligence collection and digital disruption. This advanced persistent threat (APT) group is also known as Bronze Silhouette.

Why Guam? Do we really get this kind of stuff here? Our home is not just the sparkling waters of Tumon Bay, the white sand beaches of Ritidian, and the Agat Mango Festival. We are “Where America’s Day Begins”, with robust military outposts that support nuclear subs, drones, aircraft carriers, stealth bombers, and communication satellites all across the island!

It doesn’t get more credible than this. The following agencies released a Joint Cybersecurity Advisory; the link to the PDF is below.

  • United States National Security Agency (NSA)

  • Cybersecurity and Infrastructure Security Agency (CISA)

  • U.S. Federal Bureau of Investigation (FBI)

  • Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)

  • Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS)

  • New Zealand National Cyber Security Centre (NCSC-NZ)

  • United Kingdom National Cyber Security Centre (NCSC-UK)

Volt Typhoon leverages compromised network equipment, such as routers, to stealthily evade detection by its targets. The compromised network devices are notably internet-facing ones that have HTTP management or an SSH service enabled.

🚨 Why it matters

If the military presence on our humble island is so apparently fortified, what’s the big deal? While the Department of Defense has systems seemingly impenetrable to these types of attacks, the advisory was specifically focused on the island’s local critical infrastructure sectors. According to Microsoft’s Threat Intelligence division, the threat actors used a technique called Living off the Land (LotL) against Guam’s utility, government, communications, education, maritime, manufacturing, information technology, transportation, and construction sectors.

💡 LotL attacks evade detection because they use tools that are already built into the systems they compromise - there is no need to install malicious software, so there is often no malware for antivirus to find.

Microsoft has directly notified targeted or compromised customers, providing them with important information needed to secure their environments. Organizations that believe they may have been targeted by this threat actor should contact CISA at 1-800-220-0001 or visit the CISA website at www.cisa.gov.

💪 Post-Mawar resiliency

As dawn broke over the battered landscape of Guam, it was clear that we will once again demonstrate our incredible resilience. The island community, known for its steadfast spirit, is picking up the pieces, rebuilding homes, restoring power lines, and reestablishing essential services. This powerful spirit of resilience mirrors the tenacity we need in the face of the cybersecurity threats lurking in our digital shadows.

Volt Typhoon, an existential threat to our national security, might not batter our roofs or flood our streets, but its potential to disrupt and dismantle is equally, if not more, profound. Just as we've prepared for and recovered from the wrath of Super Typhoon Mawar, we must also anticipate and guard against this invisible digital tempest. The battle lines are not drawn on physical ocean boundaries, but in the complex, abstract landscape of cyberspace. As Guam's rebuilding efforts illustrate, the power of resilience cannot be underestimated. It is this very resilience, combined with a steadfast commitment to fortify our cyber defenses, that will equip us to weather the impending cybersecurity storm and protect our national security.

Preparation is of utmost importance: having an extra gas can, servicing the generator, stocking extra batteries. Being prepared takes the most effort and time, but it can save you from operational failure in the event of a natural disaster or a cyber event.

The advisory provides a number of recommendations to help organizations protect themselves from this threat, including:

  • Implement strong security controls, such as multi-factor authentication, to make it more difficult for attackers to gain access to systems.

  • Monitor for suspicious activity, such as unusual network traffic or changes to system configurations.

  • Keep systems up to date with the latest security patches.

  • Train employees on cybersecurity best practices.
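Here is an added example, not from the advisory or the newsletter, of what "monitor for suspicious activity" can look like for the internet-facing routers described above: it reviews constructed syslog lines from a hypothetical edge router and flags SSH management logins from outside an assumed management subnet, plus any configuration change committed by that same account afterwards.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample syslog lines from a hypothetical edge router (not real data).
SAMPLE_LOGS = """\
May 24 02:11:03 edge-rtr sshd[4412]: Accepted password for admin from 10.0.5.20 port 51022 ssh2
May 24 02:14:41 edge-rtr sshd[4419]: Accepted password for admin from 203.0.113.77 port 40211 ssh2
May 24 02:15:02 edge-rtr config: user admin committed change: set system services web-management http
May 24 02:15:09 edge-rtr sshd[4421]: Accepted publickey for netops from 10.0.5.21 port 51100 ssh2
May 24 02:16:55 edge-rtr config: user admin committed change: set interfaces ge-0/0/0 unit 0 family inet filter input ALLOW-ALL
"""

# Assumption for the example: management access is only expected from this internal subnet.
MGMT_ALLOWLIST = ("10.0.5.0/24",)

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+) port")
CHANGE_RE = re.compile(r"config: user (\S+) committed change: (.+)$")


def in_allowlist(ip: str) -> bool:
    """True if the source address falls inside an approved management subnet."""
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in MGMT_ALLOWLIST)


def review_router_logs(text: str) -> list:
    """Return findings for SSH logins from outside the allowlist and for any
    config change committed afterwards by an account that logged in that way."""
    findings = []
    flagged_users = set()
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            user, src = m.groups()
            if not in_allowlist(src):
                flagged_users.add(user)
                findings.append({"type": "external_mgmt_login", "user": user, "src": src, "line": line})
            continue
        m = CHANGE_RE.search(line)
        if m:
            user, change = m.groups()
            if user in flagged_users:
                findings.append({"type": "config_change_after_external_login", "user": user, "change": change, "line": line})
    return findings


if __name__ == "__main__":
    for f in review_router_logs(SAMPLE_LOGS):
        print(f["type"], f["user"], f.get("src", f.get("change")))
```

The same logic applies to HTTP management logs; in practice the better fix is to not expose management services on the WAN interface at all, and to feed these logs to a central collector so an attacker on the router cannot simply clear them.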

📣 Technical summaries and resources will be posted and updated regularly on our blog:

Please spread the word. If you know anyone working in the critical infrastructure sectors of our island, forward them this email. As we know from these difficult circumstances, it takes a community.

Adahi, Guahan!
-Jeff and the adahi.tech team
