
Commentary on Salt Typhoon Cyberattacks from Semperis

September 2024 by Sean Deuby, Principal Technologist, Semperis

Commentary on Salt Typhoon Cyberattacks from Sean Deuby, Principal Technologist, Semperis:

It should surprise no one that hacking groups linked to China have again stealthily infiltrated the networks of critical infrastructure providers in the U.S. The threat their hackers pose to democratic nations is massive. This latest state-sponsored attack, dubbed Salt Typhoon, should be a wake-up call to all public and private sector companies such as water treatment plants, airports, oil & gas companies, healthcare organisations, and ISPs: you are in China’s crosshairs.

When China’s digital armies of hackers wake up each morning, their singular goal is to infiltrate, surveil, and compromise public and private sector entities in the U.S. and abroad. In fact, before this latest revelation, the Biden administration warned U.S. governors that nefarious actors such as China’s Volt Typhoon cyber group were increasing their attacks on the operators of U.S. water treatment plants.

I’m not surprised Beijing is claiming plausible deniability in conducting the Salt Typhoon campaign against ISPs; their denial of involvement is hogwash and everyone, including their government, knows it. Their denial is step 1 in their hacking operation playbook.

In addition, last year’s hacking of State Department emails prior to Secretary Blinken’s visit to Beijing is another reminder that both countries continue playing the dangerous game of cat and mouse. That breach was specifically an intelligence gathering mission by the Chinese government to discover the Biden administration’s strategy. Rest assured the digital armies of U.S. cyber intruders are working just as hard to steal Chinese secrets and proprietary information and any nation that sponsors cyberattacks against this country.

Today, there is no silver bullet that will solve the cybersecurity challenges facing public and private sector organisations. Well-trained hacking teams like the ones conducting Salt Typhoon are skilled and persistent, and their goal is to breach a network and work stealthily for as long as necessary until they achieve their goal of theft and/or disruptions to critical services.

One common thread across all of these campaigns is the use of identity for initial access, propagation, privilege escalation, and persistence. For example, Volt Typhoon harvested Active Directory-based credentials from Fortinet internet-facing devices for initial access. Organisations should prioritise protecting these mission-critical systems that are always targeted by threat actors, whether they’re nation-state actors or cybercriminals. This includes around-the-clock threat hunting, increasing security audits, organising security awareness training for employees, and locking down their identity system, likely Active Directory because it’s a hacker’s highway.

