At a glance.
- Five Eyes publish report on Volt Typhoon.
- Fortinet clarifies issuance of FortiSIEM CVEs.
- Internet shutdowns in Pakistan and Senegal.
Five Eyes publish report on Volt Typhoon.
The US Cybersecurity and Infrastructure Security Agency (CISA), NSA, FBI, and the cybersecurity directorates of Australia, Canada, New Zealand, and the UK have published a joint advisory outlining the alleged Chinese state-sponsored threat actor Volt Typhoon's operations against US critical infrastructure.
The advisory states, "The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and non-continental United States and its territories, including Guam. Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts." The US agencies note that the threat actor has been "maintaining access and footholds within some victim IT environments for at least five years."
The advisory adds, "[The Canadian Centre for Cyber Security (CCCS)] assesses that the direct threat to Canada’s critical infrastructure from PRC state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be disrupted, Canada would likely be affected as well, due to cross-border integration. ASD’s ACSC and NCSC-NZ assess Australian and New Zealand critical infrastructure, respectively, could be vulnerable to similar activity from PRC state-sponsored actors."