Volt Typhoon State-Sponsored Threat Actors Targeting Critical Infrastructure
Health-ISAC is distributing this bulletin for your situational awareness.
Health-ISAC is disseminating this alert out of an abundance of caution, given the risks and security implications of targeted cyberattacks against critical infrastructure. Attacks on water and wastewater systems have the potential to disrupt clean and safe drinking water, imposing significant costs on healthcare providers.
Specifically, state-sponsored threat actor activity associated with the People’s Republic of China (PRC) has been observed in cyberattacks against water systems. Threat actors are increasingly targeting critical infrastructure, seeking to disrupt essential services to inflict cascading impacts. Specific guidance for securing water and wastewater systems is available for critical infrastructure defenders around the globe.
On March 19, 2024, the Environmental Protection Agency (EPA) shared a letter discussing the urgent need to safeguard critical infrastructure against cyber threats. Specifically, the EPA emphasized that drinking water and wastewater systems are critical resources, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks.
On February 7, 2024, Health-ISAC shared an alert titled People’s Republic of China (PRC) State-Sponsored Actors Compromise and Maintain Access to Critical Infrastructure, which focuses explicitly on attacks from Volt Typhoon. The alert includes a link to guidance for identifying and mitigating living-off-the-land techniques commonly used by Volt Typhoon. Critical infrastructure organizations around the globe are encouraged to consider this guidance while securing healthcare sector infrastructure from attacks.
Recommendations
Critical infrastructure defenders are encouraged to ensure the following mitigation measures are implemented:
- Implement multifactor authentication for access to the operational technology (OT) network whenever applicable.
- If you require remote access, implement a firewall and/or virtual private network (VPN) to control network access. A VPN or gateway device can enforce multifactor authentication for remote access even if the OT system itself does not support multifactor authentication.
- Create strong backups of the logic and configurations of systems to enable fast recovery. Familiarize yourself with factory resets and backup deployment as preparation in the event of ransomware activity.
- Keep systems updated with the latest versions released by the manufacturer.
- Confirm third-party vendors are applying applicable countermeasures to mitigate exposure of systems and all installed equipment.
Please also review the full PDF above for additional resources.
Subject to standard copyright rules, information may be distributed without restriction.
For Questions or Comments:
Please email us at toc@h-isac.org