NSA, Microsoft Issue Critical Cyberthreat Report to US Infrastructures Backed by Chinese State-Sponsored Actor

The United States, through its National Security Agency (NSA) and Cybersecurity & Infrastructure Security Agency (CISA), together with Microsoft and others, has issued a joint Cybersecurity Advisory (CSA) intelligence bulletin singling out the US-based activities of Volt Typhoon, an organized, state-sponsored cybercriminal group operating out of China. The report outlines operations conducted on US soil aimed at infiltrating and compromising critical infrastructure across a number of fields. It further details how individuals tied to this group operated undetected on US soil: by relying on living-off-the-land techniques (using tools and utilities already present on the compromised systems rather than installing custom malware) and hands-on-keyboard activity (a human operator issuing commands interactively rather than running automated malware).

Microsoft assesses with moderate confidence that the group’s campaign aimed to pursue “the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”

Volt Typhoon’s preferred attack vectors, as identified by cyber and national security experts. (Image credit: Microsoft)

Volt Typhoon activities in the US date back to at least mid-2021, targeting multiple organizations across a multitude of economic areas: the Communications, Manufacturing, Utility, Transportation, Construction, Maritime, Government, Information Technology, and Education sectors.

Digitization (the act of bringing digital capabilities to otherwise analog tasks) is a fact of our lives, as is its galloping increase – every year, new products appear with added digital functionality. Since this functionality is usually worth the added investment (due to cost reduction, efficiency gains, practicality, or any other metric the market wills), analog and disconnected tools are slowly phased out until relegated to oblivion or a niche. You’d be surprised at how much communications infrastructure already relies on digital systems.

Of course, the issue with digital systems is that they can be remotely hacked.

For a more tangible example, look to when Microsoft helped Ukraine defuse Russian malware installed in the country’s tram infrastructure. The system had been infected with wiper-type malware – able to erase entire systems, or to delete the crucial files a component such as the train control system depends on, rendering it inoperable. This happened before the war. After the invasion, that same train system evacuated a number of Ukrainian war refugees.

The issue here is that digitization means increased opportunity for remote access, which in turn increases the likelihood of attack (Russia spends fewer resources digitally disabling a Ukrainian drone, for instance, than firing a rocket at it). Even as our lives become more efficient, technological, and interconnected, more and more of their facets become vulnerable to the least costly and most efficient type of attack: the cyberattack.

Beyond insulating itself from, and improving its military effectiveness in, a potential conflict with the US, part of China’s reason for targeting American-Asian communications is called Taiwan. We’ve seen enough evidence of the tug-of-war between the US and China over the technological crown jewel that is the Taiwan Semiconductor Manufacturing Company Limited (TSMC). Sometimes, being the most desired “object” in the room is simply not the best place to be.
