Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) reported that threat actors linked to China, especially the group known as Volt Typhoon, were targeting critical U.S. sectors such as communications, energy, transportation, and water and wastewater systems. These activities are believed to be preparations for potential cyber warfare.
“Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts.”
These remarks came shortly after an unusual operation by the FBI and the Department of Justice to secure vulnerable routers being exploited by threat actors from the People’s Republic of China (PRC) to target U.S. critical infrastructure. FBI Director Christopher Wray has also supported CISA’s concerns.
At the CYBERWARCON conference last week, U.S. Cyber Command Executive Director Morgan Adamski revealed that the Cyber National Mission Force had been deployed 85 times over the past year to address cyber threats from the PRC and other adversaries. This marks a significant rise from the 22 missions conducted the previous year.