
Tuesday, February 13, 2024

This Typhoon is not a weather or Insurance phenomenon

For an Insurer, STFI needs no elaboration. In Property Insurance parlance, it is the coverage for the perils of Storm, Tempest, Flood, Inundation, Hurricane, Cyclone, Typhoon and Tornado (STFI) under the Standard Fire & Special Perils Policy.


A few months ago, a Typhoon was in the news: when Microsoft Corp said in a blog post that Volt Typhoon was "pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," it immediately brought to mind escalating tensions between China and the United States over Taiwan. Its name is redolent of an exotic electrical storm, but is the hacking group “Volt Typhoon” an imminent danger to American infrastructure, or just a new crop of digital spies playing an old game?

A typhoon is a tropical cyclone that develops between 180° and 100°E in the Northern Hemisphere. This region is referred to as the Northwestern Pacific Basin, accounting for almost one-third of the world's annual tropical cyclones. The term hurricane refers to a tropical cyclone in the northcentral and northeast Pacific, and the north Atlantic.

Tropical cyclone, an intense circular storm that originates over warm tropical oceans and is characterized by low atmospheric pressure, high winds, and heavy rain. Drawing energy from the sea surface and maintaining its strength as long as it remains over warm water, a tropical cyclone generates winds that exceed 119 km (74 miles) per hour. In extreme cases winds may exceed 240 km (150 miles) per hour, and gusts may surpass 320 km (200 miles) per hour. Accompanying these strong winds are torrential rains and a devastating phenomenon known as the storm surge, an elevation of the sea surface that can reach 6 metres (20 feet) above normal levels. Such a combination of high winds and water makes cyclones a serious hazard for coastal areas in tropical and subtropical areas of the world.  

This is no post on weather phenomena .. .. and this Typhoon is vastly different. According to the US, Volt Typhoon is a state-sponsored actor based in China that typically focuses on espionage and information gathering. The targeting of U.S. government and defense organizations for intelligence gain aligns with PRC requirements, and the tradecraft observed in these engagements overlaps with that of other state-sponsored Chinese threat groups.

The hackers, known to the private sector as “Volt Typhoon,” used privately-owned SOHO routers infected with the “KV Botnet” malware to conceal the PRC origin of further hacking activities directed against U.S. and other foreign victims.  Relations between the US and China – particularly over Beijing’s threats to annex Taiwan – have plummeted in recent years, prompting growing concern about the potential for hostilities or all-out conflict. So recent revelations that a Chinese hacking network known as Volt Typhoon had been lying dormant inside US critical infrastructure for as long as five years have sparked considerable alarm.

The network exploited US technological and security weaknesses. But rather than stealing secrets, US and allied intelligence services said it was focused on “pre-positioning” itself for future acts of sabotage. FBI director Christopher Wray told a US committee hearing that Volt Typhoon was “the defining threat of our generation”. Western intelligence officials say Volt Typhoon – also known as Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite, and Insidious Taurus – is a state-supported Chinese cyber operation that has compromised thousands of internet-connected devices. They said it was part of a larger effort to infiltrate western critical infrastructure, including naval ports, internet service providers, communications services and utilities.

The new advisories on Volt Typhoon followed a recent announcement by US authorities that they had dismantled a bot network of hundreds of compromised devices, attributing it to the hacking network. They state that Volt Typhoon works by exploiting vulnerabilities in small and end-of-life routers, firewalls and virtual private networks (VPNs), often using administrator credentials and stolen passwords, or taking advantage of outmoded tech that hasn’t had regular security updates – key weaknesses identified in US digital infrastructure. It uses “living off the land” techniques, whereby the intruder relies only on tools and resources already present in the operating system of the target, rather than introducing a new (and more discoverable) malware file.

Volt Typhoon has been active since mid-2021, according to a Microsoft investigation published last year. However, Beijing routinely denies any accusations of cyber-attacks and espionage linked to or backed by the Chinese state.   

The widespread nature of the hacks has led to a series of meetings between the White House and the private technology industry, including several telecommunications and cloud computing companies, in which the US government asked for assistance in tracking the activity.

With regards – S Sampathkumar
13th Feb 2024.


1 comment:

  1. Excellently written Sampath. Particularly, the method of starting with tropical cyclones and segueing to dormant malware and state sponsored espionage is an awesome way of storytelling.

    Keep going.