CISA Advisory

PRC State-Sponsored Actors Compromise US Infrastructure

AA24-057A • Published February 26, 2024

Severity: critical

Chinese government hackers called Volt Typhoon have secretly broken into American power plants and water systems. They are hiding in these networks, not stealing anything yet, but positioning themselves to cause damage during a future conflict.

Overview

Joint advisory warning about Volt Typhoon, a PRC state-sponsored actor that has compromised US critical infrastructure organizations. The actors maintain long-term persistence using living-off-the-land techniques to avoid detection.

Who Is At Risk

  • Communications sector
  • Energy sector
  • Transportation systems
  • Water and wastewater systems
  • Government facilities

Affected Products

SOHO routers, VPN appliances, network infrastructure devices

Immediate Actions

  1. Hunt for living-off-the-land techniques
  2. Monitor for unusual use of built-in tools
  3. Review network device configurations
  4. Implement network segmentation
  5. Enable enhanced logging on edge devices

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a
