posted by janrinok on Sunday November 17, @07:51PM

China's Volt Typhoon Breached Singtel, Reports Say

Arthur T Knackerbracket has processed the following story:

The digital break-in was discovered in June, according to Bloomberg, citing "two people familiar with the matter" who told the news outlet that the Singtel breach was "a test run by China for further hacks against US telecommunications companies."

In February, the feds and other nations' governments warned that the Beijing-backed crew had compromised "multiple" critical infrastructure orgs' IT networks in America and globally, and was pre-positioning for "disruptive or destructive cyberattacks" against those targets.

Volt Typhoon's targets include communications, energy, transportation systems, and water and wastewater systems. 

"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the US, Canada, UK, Australia, and New Zealand said at the time.

More recently, another Chinese-government-backed group, Salt Typhoon, was accused of breaking into US telecom companies' infrastructure. These intrusions came to light in October, with the spies reportedly breaching Verizon, AT&T, and Lumen Technologies, although all three have thus far declined to comment to The Register about the hacks.

Salt Typhoon also reportedly targeted phones belonging to people affiliated with US Democratic presidential candidate Kamala Harris, along with Republican candidate Donald Trump and his running mate, JD Vance.

Volt Typhoon And Its Botnet Surge Back With A Vengeance

Arthur T Knackerbracket has processed the following story:

China's Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.

The alert comes nearly ten months after the Feds claimed a victory against the Chinese government-linked miscreants, when the FBI infiltrated the operation and then remotely wiped the botnet.

At the time, the US Justice Department warned that Volt Typhoon had infected "hundreds" of outdated Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and other vital facilities. Plus, the crew had been targeting American critical organizations as far back as 2021.

Just last week, news reports emerged that the same cyber espionage crew had breached Singapore Telecommunications over the summer as a "test run by China for further hacks against US telecommunications companies."

"Once thought dismantled, Volt Typhoon has returned, more sophisticated and determined than ever," declared Ryan Sherstobitoff, SVP of threat research and intelligence at SecurityScorecard. 

In a Tuesday report, Sherstobitoff revealed that the security shop's Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team had spotted Volt Typhoon exploiting outdated Cisco RV320/325 routers and Netgear ProSafe routers. 

"These end-of-life devices become perfect entry points, and in just 37 days, Volt Typhoon compromised 30 percent of visible Cisco RV320/325 routers," Sherstobitoff wrote.

When asked about specific vulnerabilities being abused, Sherstobitoff told The Register: "There are no clear CVEs that Volt is exploiting in current Cisco devices."

But, he added, because the routers are end-of-life, the vendor no longer issues security updates. "This leads to increased exploitation of existing ones," Sherstobitoff warned.

Since the disruption and subsequent rebuilding of the botnet, the threat hunters have seen "a few dozen" compromised devices, he told us. However, he noted, "we have observed changes in command and control servers being deployed into other network providers."

The FBI declined to comment on Volt Typhoon's reported resurgence, and the US government's Cybersecurity and Infrastructure Agency did not immediately respond to The Register's inquiries.

The Chinese crew's botnet first came to light in 2023, after Microsoft and intelligence agencies from the Five Eyes nations disclosed that Volt Typhoon had accessed networks belonging to US critical infrastructure organizations.

The spy gang, we're told, had built a botnet from Cisco and Netgear routers identified by a self-signed SSL certificate named JDYFJ. This botnet, according to SecurityScorecard, used command-and-control (C2) infrastructure in the Netherlands, Latvia, and Germany to disguise its malicious traffic.

By October 2023, Volt Typhoon had taken up occupancy, rent-free, on a compromised VPN device in New Caledonia. This created "a covert bridge between Asia-Pacific and the Americas" that kept "their network alive, hidden from standard detection," Sherstobitoff wrote. 

In January 2024, the FBI-led effort disrupted some of Volt Typhoon's infrastructure. However, in the Tuesday report, Sherstobitoff explains the Chinese spies rapidly set up new C2 servers on Digital Ocean, Quadranet, and Vultr and also registered fresh SSL certificates to avoid the prying eyes of law enforcement.

As of September, "the botnet persists," he wrote. It uses the JDYFJ cluster to route traffic globally. "Connections from New Caledonia and router nodes remain active for over a month, reinforcing Volt Typhoon's infrastructure."
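The two infrastructure details above, the botnet nodes identified by a self-signed certificate named JDYFJ and the fresh certificates registered after the January 2024 takedown, both translate into checks a defender can run over passively observed TLS certificates. The following is an added example, not code from the article, SecurityScorecard or any of the vendors named; the log format is a constructed, simplified tab-separated layout (timestamp, server IP, subject DN, issuer DN) rather than any real sensor's schema, and the sample rows are made up. It flags self-signed certificates whose CN is on a watchlist (the "JDYFJ" name from the report), notes CA-issued certificates reusing that CN, and reports servers that presented more than one distinct self-signed certificate, which is the kind of churn the re-registration described above would produce.

```python
"""Watchlist and churn checks over passively observed TLS certificates.

Added example; not from the article or SecurityScorecard. The TSV layout
(ts, server_ip, subject_dn, issuer_dn) is constructed for this example and
is not Zeek's x509.log or any other real schema.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# CNs of self-signed certificates worth alerting on. "JDYFJ" is the name
# the report gives for the botnet's certificate; compared case-insensitively.
WATCHLIST_CN = {"jdyfj"}

# Constructed sample observations (RFC 5737 documentation addresses, not
# real traffic). Column order: ts, server_ip, subject DN, issuer DN.
SAMPLE_LOG = """\
1731873000.1\t203.0.113.10\tCN=JDYFJ\tCN=JDYFJ
1731873001.2\t203.0.113.11\tCN=router.example.net,O=Example\tCN=router.example.net,O=Example
1731873002.3\t203.0.113.12\tCN=www.example.com,O=Example\tCN=Example CA,O=Example
1731873003.4\t203.0.113.13\tCN=jdyfj,O=Acme\tCN=jdyfj,O=Acme
1731873004.5\t203.0.113.14\tCN=JDYFJ\tCN=Some CA
1731959400.6\t203.0.113.11\tCN=gw.example.net\tCN=gw.example.net
"""


@dataclass(frozen=True)
class CertObservation:
    ts: float
    server_ip: str
    subject: str
    issuer: str


def parse_dn(dn: str) -> Dict[str, str]:
    """Turn 'CN=x,O=y' into {'CN': 'x', 'O': 'y'} (naive: no escaped commas)."""
    out: Dict[str, str] = {}
    for part in dn.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().upper()] = value.strip()
    return out


def parse_log(text: str) -> List[CertObservation]:
    """Parse the constructed TSV format; blank lines and '#' comments are skipped."""
    rows: List[CertObservation] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, ip, subject, issuer = line.split("\t")
        rows.append(CertObservation(float(ts), ip, subject, issuer))
    return rows


def is_self_signed(obs: CertObservation) -> bool:
    """A certificate whose issuer DN equals its subject DN is self-signed."""
    return obs.subject == obs.issuer


def classify(obs: CertObservation) -> Optional[str]:
    """Return an alert reason for a watchlist match, or None."""
    cn = parse_dn(obs.subject).get("CN", "").lower()
    if cn not in WATCHLIST_CN:
        return None
    if is_self_signed(obs):
        return "self-signed watchlist CN"
    # A CA-issued cert carrying the same CN is unusual enough to note separately.
    return "watchlist CN issued by a CA"


def watchlist_hits(observations: List[CertObservation]) -> List[Tuple[CertObservation, str]]:
    """All observations that match the watchlist, in log order, with a reason."""
    hits: List[Tuple[CertObservation, str]] = []
    for obs in observations:
        reason = classify(obs)
        if reason is not None:
            hits.append((obs, reason))
    return hits


def self_signed_cert_churn(observations: List[CertObservation],
                           min_distinct: int = 2) -> Dict[str, List[str]]:
    """Servers that presented at least `min_distinct` different self-signed certs.

    Re-registering a fresh certificate on the same host shows up here.
    """
    seen: Dict[str, set] = defaultdict(set)
    for obs in observations:
        if is_self_signed(obs):
            seen[obs.server_ip].add(obs.subject)
    return {ip: sorted(subjects) for ip, subjects in seen.items()
            if len(subjects) >= min_distinct}


if __name__ == "__main__":
    obs = parse_log(SAMPLE_LOG)
    for hit, reason in watchlist_hits(obs):
        print(f"{hit.server_ip}: {reason} ({hit.subject})")
    for ip, subjects in self_signed_cert_churn(obs).items():
        print(f"{ip}: {len(subjects)} distinct self-signed certs: {subjects}")
```

Self-signed status is decided purely by comparing the subject and issuer DNs, which is what a certificate log usually exposes; with the raw certificate in hand one would instead verify the signature against the certificate's own public key. The watchlist match is on the CN alone because that is the only identifying detail the report gives; a real deployment would key on the certificate fingerprint as well.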

This report comes as government officials and private security firms alike have noted an uptick in Chinese cyber spy activity on US and global networks.

Last week, Bloomberg said Volt Typhoon had broken into Singtel's networks before being spotted in June, and had used a web shell in that security breach.



Related Stories

US House to Vote to Provide $3 Billion to Remove Chinese Telecoms Equipment 24 comments

From reuters.com:

The U.S. House of Representatives is set to vote next week on an annual defense bill that includes just over $3 billion for U.S. telecom companies to remove equipment made by Chinese telecoms firms Huawei and ZTE (000063.SZ) from American wireless networks to address security risks.

The 1,800-page text was released late Saturday and includes other provisions aimed at China, including requiring a report on Chinese efforts to evade U.S. national security regulations and an intelligence assessment of the current status of China's biotechnology capabilities.

The Federal Communications Commission has said removing the insecure equipment is estimated to cost $4.98 billion but Congress previously only approved $1.9 billion for the "rip and replace" program.

Washington has aggressively urged U.S. allies to purge Huawei and other Chinese gear from their wireless networks.

FCC Chair Jessica Rosenworcel last week again called on the U.S. Congress to provide urgent additional funding, saying the program to replace equipment in the networks of 126 carriers faces a $3.08 billion shortfall "putting both our national security and the connectivity of rural consumers who depend on these networks at risk."

She has warned the lack of funding could result in some rural networks shutting down, which "could eliminate the only provider in some regions" and could threaten 911 service.

Competitive Carriers Association CEO Tim Donovan on Saturday praised the announcement, saying "funding is desperately needed to fulfill the mandate to remove and replace covered equipment and services while maintaining connectivity for tens of millions of Americans."

In 2019, Congress told the FCC to require U.S. telecoms carriers that receive federal subsidies to purge their networks of Chinese telecoms equipment. The White House in 2023 asked for $3.1 billion for the program.

Senate Commerce Committee chair Maria Cantwell said funding for the program and up to $500 million for regional tech hubs will be covered by funds generated from a one-time spectrum auction by the FCC for advanced wireless spectrum in the band known as AWS-3 to help meet rising spectrum demands of wireless consumers.


  • (Score: -1, Redundant) by Anonymous Coward on Sunday November 17, @08:10PM (1 child)

    by Anonymous Coward on Sunday November 17, @08:10PM (#1382203)

    Everyone knows China has an agreement with Orange Jesus and Musk to operate Volt Typhoon against the Libs...

    • (Score: 1, Touché) by Anonymous Coward on Monday November 18, @02:42AM

      by Anonymous Coward on Monday November 18, @02:42AM (#1382227)

      Aren't you aware? There is a green site that's just like here but there, your comment would have been modded up +5 insightful. Maybe you should consider that option.
