Disruptive cyberattacks linked to the People’s Republic of China and its spy agencies are a growing threat, analysts say. Of increasing concern is the Chinese state-sponsored hacking gang Volt Typhoon. The cyberespionage gang’s activities have led the global intelligence alliance known as Five Eyes, comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, to issue two warnings a month apart in the first trimester of 2024, urging critical infrastructure owners and operators worldwide to protect their facilities.
“The objective is clear: to affect the critical infrastructure of all countries,” Erich Zschaeck, a Chilean consultant and cybersecurity expert, told Diálogo on May 8. “In our region, this would affect the generation of energy, water, public services, telecommunications, and all services that could impact not only companies but also the population.”
Volt Typhoon operates under many names. It is also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite and Insidious Taurus. This malicious actor typically focuses on espionage and information gathering, a Microsoft report indicated.
Volt Typhoon uses malicious software to break into internet-connected systems, exploiting weaknesses such as weak passwords, factory default logins and devices that are not regularly updated. The malware takes control of vulnerable internet-connected devices such as routers and security cameras. It hides there and establishes a beachhead in advance of using that system to launch future attacks.
Since security analysts publicly identified it in May 2023, Volt Typhoon has compromised thousands of devices worldwide, although the group is likely to have targeted infrastructure as early as mid-2021 and possibly much earlier, Microsoft reported. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt the critical communications infrastructure between the United States and Asian regions during future crises.”
“Many critical infrastructures in the hemisphere depend on connections and infrastructures in the Gulfs or the Panama Canal, which are in just those countries that open the gates to the world,” Zschaeck added.
While China recognized Volt Typhoon as a cybercriminal organization, it denied the country’s involvement and said it was “an international ransomware group.”
Faced with the increasing threat of cyberattacks, the United States is promoting cybersecurity and cyber defense training for its partners. The trainings are recurrently incorporated into key exercises, such as those U.S. Southern Command (SOUTHCOM) carries out with Latin American and Caribbean security forces.
In late April, a delegation from U.S. Cyber Command (CYBERCOM), the United States’ first line of defense against cyberattacks, visited the Inter-American Defense Board (IADB) in Washington, D.C., to discuss the Board’s Cyber Defense program and explore opportunities for collaboration. The visit underscores the Board’s commitment to international cooperation and CYBERCOM’s key role in the global cyber arena, the IADB indicated on April 29.
Examples of ongoing cooperation include the multinational military exercise CENTAM Guardian 2024, held in Honduras April 1-12, where participants took part in many modules dedicated to cyberattacks, to perfect the use of digital tools to capture information, explore, manage, and counter cyberthreats or developing cyberattacks. During the exercise, cybersecurity experts from the 189th Airlift Wing of the Arkansas Air National Guard and SOUTHCOM trained military members from El Salvador, Guatemala, and Honduras.
In July 2023, participants in SOUTHCOM-sponsored Tradewinds, a combined, joint, Caribbean-focused training exercise designed to strengthen partnerships and interoperability, held that year in Georgetown, Guyana, delved into cybersecurity components. In the 2024 version, conducted in Barbados May 4-16, participants also faced various cybersecurity exercises, Argentina’s Espacio Aéreo magazine reported.
“A key point that makes the U.S. military much more resilient to cyberattacks, compared to countries in our region, is not so much their weapons capability, but their intelligence capability,” Zschaeck said. “In Latin America there are some countries better prepared than others. The problem is that we don’t implement security in everything we do, because that implies a cost that not all organizations and countries are willing to accept.”
“For cybersecurity professionals and society in general, attacks like Volt Typhoon can represent a huge geopolitical threat to cybersecurity,” Richard Forno, professor of Computer Science and Electrical Engineering at the University of Maryland, told Infobae. “They are a reminder for everyone to monitor what is happening in the world, and consider how current events may affect the confidentiality, integrity, and availability of everything digital.”
“Volt Typhoon is not going to be the first and it’s not going to be the last. In the next few years this is going to get much more complex, not just from China, as Russia will come out with attacks on this scale,” Zschaeck concluded. “We have to be resilient and able to insulate ourselves technologically, because the attacks are going to come. That’s what the scenario looks like.”