CISA director Jen Easterly has called on all critical infrastructure organizations to review and implement the recommended actions from the advisory and to report any Volt Typhoon activity. The advisory and subsequent guide are the result of collaboration with industry, federal, and international partners and aim to provide actionable guidance to stakeholders.
The US government has taken steps to counter these threats, including disabling compromised small office/home office (SOHO) routers used by Volt Typhoon. The group, linked to China’s Ministry of State Security (MSS), has been active since at least 2021 and is known for its advanced use of “living-off-the-land” techniques. These techniques allow threat actors to blend in with normal system activities, making their detection and mitigation challenging.
The Five Eyes allies have released additional guidance to help critical infrastructure operators identify and mitigate such sophisticated techniques. This guidance emphasizes the importance of implementing robust cybersecurity measures, including logging, network segmentation, authentication controls, and user and entity behavior analytics (UEBA), to protect against these evolving threats.
Source: Infosecurity Magazine
To mitigate potential threats, it is important to implement additional cybersecurity measures, either with the help of a trusted partner like INFRA (www.infrascan.net) or on your own using check.website.