{"id":34034,"date":"2024-02-16T17:34:58","date_gmt":"2024-02-16T17:34:58","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=34034"},"modified":"2024-02-16T17:35:02","modified_gmt":"2024-02-16T17:35:02","slug":"cisa-issues-alerts-after-volt-typhoon-attacks-us-networks","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/","title":{"rendered":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts"},"content":{"rendered":"\n<p>Volt Typhoon, a notorious cyber group linked to the People&#8217;s Republic of China, has expanded its operations beyond illegal access and data theft. This state-backed hacker collective, also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus, has infiltrated the networks of critical infrastructure sectors ranging from aviation to maritime in a strategic bid for future catastrophic cyberattacks.<\/p>\n\n\n\n<p>With a <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa24-038a?utm_source=CISACyber&amp;utm_medium=post&amp;utm_campaign=VT_020724\" target=\"_blank\" rel=\"noreferrer noopener\">joint advisory<\/a> from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) published on February 7, 2024, exposing their tactics, international collaboration sponsored by these agencies emphasizes the importance of worldwide vigilance against the harmful cyberthreats targeting key systems.<\/p>\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6d3cf711cb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6d3cf711cb\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#Timeline-of-Volt-Typhoons-Cyber-Intrusions\" title=\"Timeline of Volt Typhoon\u2019s Cyber Intrusions\">Timeline of Volt Typhoon\u2019s Cyber Intrusions<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#How-Volt-Typhoon-Attacks\" title=\"How Volt Typhoon Attacks\">How Volt Typhoon Attacks<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#Living-off-the-Land-Techniques\" title=\"Living off the Land Techniques\">Living off the Land Techniques<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#Mitigations\" title=\"Mitigations\">Mitigations<\/a><\/li><\/ul><\/nav><\/div>\n\n<!-- ICP Plugin: Start --><div class=\"icp-list icp-list-main icp-list-body-top3 row\">\n    \n        <!--\n            ICP Plugin - body top3\n            ----------\n            Category: \n            Country: HK\n        -->\n    <\/div>\n<!-- ICP Plugin: End -->\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Timeline-of-Volt-Typhoons-Cyber-Intrusions\"><\/span>Timeline of Volt Typhoon\u2019s Cyber Intrusions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>In 2021, <a href=\"https:\/\/attack.mitre.org\/groups\/G1017\/\" target=\"_blank\" rel=\"noreferrer noopener\">BRONZE SILHOUETTE<\/a>, later dubbed &#8220;Volt Typhoon&#8221; by Microsoft, targeted U.S. government and defense institutions for intelligence gathering. Using web shells, they attacked weak internet servers, specifically a Houston port. Attacks on telecom corporations, government institutions, and utilities then followed in a predictable pattern.<\/p>\n\n\n\n<p>In November 2021, the FBI <a href=\"https:\/\/www.ic3.gov\/Media\/News\/2021\/211117-2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">disclosed<\/a> a FatPipe VPN exploit that enabled backdoor access via web shells. Despite initial suspicions, encrypted communications with specific keys linked the attacks to the previous ones, indicating an organized effort.<\/p>\n\n\n\n<p>A year after the Houston port incident, Guam&#8217;s two major telecoms faced overlapping cyberattacks. Guam&#8217;s geopolitical significance makes telecoms key targets; compromising them results in widespread access to their crucial infrastructure.<\/p>\n\n\n\n<p>Volt Typhoon struck again on several U.S. sectors in 2023, which raised concerns about its main goal: a widespread disruption. Microsoft then dubbed the group &#8220;Volt Typhoon,&#8221; describing its meticulous approach to identifying and exploiting vulnerabilities.<\/p>\n\n\n\n<p>In February 2024, the CISA, NSA, and FBI warned of PRC cyber actors pre-positioning themselves again to disrupt the IT networks of U.S. critical infrastructure in the case of a major U.S. crisis.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"How-Volt-Typhoon-Attacks\"><\/span>How Volt Typhoon Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The Cybersecurity and Infrastructure Security Agency (CISA) has revealed the complexities of Volt Typhoon&#8217;s cyberattacks, listing their typical activities into four steps: reconnaissance, initial access, lateral movement, and potential impact.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Reconnaissance<\/h3>\n\n\n\n<p>Reconnaissance is the starting point of Volt Typhoon&#8217;s cyber campaign, characterized by thorough planning and data collection. They use advanced tools and techniques to scan the internet for vulnerable devices within their target networks, leveraging resources such as Shodan, a search engine specifically designed for locating and accessing Internet-connected devices and services, to identify potential entry points.<\/p>\n\n\n\n<p>It&#8217;s an in-depth assessment of the target&#8217;s network infrastructure, with a focus on discovering vulnerable devices such as routers and VPNs. Volt Typhoon prepares for future stages of operation by gathering vital knowledge on <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network security<\/a> and topology, system configurations, and potential vulnerabilities. This enables them to adapt their approach, identifying weak places in the target&#8217;s defenses and increasing the impact of their infiltration attempts.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Initial Access<\/h3>\n\n\n\n<p>Armed with extensive reconnaissance data, Volt Typhoon moves on to the initial access step, exploiting identified vulnerabilities to penetrate the target network&#8217;s perimeter. This phase gains them critical access to the target environment, made possible by exploiting known or zero-day vulnerabilities in public-facing network appliances. They exploit routers, VPNs, and other network devices, using them as entry points for Volt Typhoon to get a foothold in the network.<\/p>\n\n\n\n<p>Once inside, they quickly establish their presence, frequently using backdoors or other persistence techniques to keep access and avoid discovery. This gives Volt Typhoon what they need to move on to the next phase of their operation, allowing them to enter important systems and infrastructure with ease.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Lateral Movement<\/h3>\n\n\n\n<p>Following initial access, Volt Typhoon begins the phase of lateral movement within the target network. Using stolen credentials obtained during reconnaissance or existing vulnerabilities, they browse the network&#8217;s interconnected systems, gradually expanding their reach and obtaining access to other key assets.<\/p>\n\n\n\n<p>This phase involves a systematic and methodical approach to escalating privileges, maneuvering discreetly, and blending into normal network traffic to escape detection. Volt Typhoon&#8217;s goal in moving laterally throughout the network is to widen their foothold, deepen their penetration, and optimize their capacity to influence and corrupt vital infrastructure components.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Potential Impact<\/h3>\n\n\n\n<p>The culmination of Volt Typhoon&#8217;s intricate tactics might have a tremendous impact on the targeted systems and infrastructure. With increased <a href=\"https:\/\/www.esecurityplanet.com\/products\/network-access-control-solutions\/\">network access and control<\/a>, they have the capacity to alter operational technology (OT) assets and disrupt critical services.<\/p>\n\n\n\n<p>They strengthen their control and avoid discovery by stealthily gathering security event logs and corrupting Active Directory data, escalating the severity of their damage. Their acts might cause widespread disruption of key services like electricity grids and water treatment facilities, as well as compromise sensitive data and undermine national security.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"630\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks-figure_a.jpg\" alt=\"Infographic detailing how Volt Typhoon attacks.\" class=\"wp-image-34037\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks-figure_a.jpg 1200w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks-figure_a-300x158.jpg 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks-figure_a-1024x538.jpg 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks-figure_a-768x403.jpg 768w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption class=\"wp-element-caption\">Image from &#8220;Typical Volt Typhoon Activity&#8221; CISA Advisory<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Living-off-the-Land-Techniques\"><\/span>Living off the Land Techniques<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Volt Typhoon uses <a href=\"https:\/\/www.esecurityplanet.com\/networks\/living-off-the-land-attacks\/\">living-off-the-land (LotL)<\/a> tactics, leveraging valid system tools to maintain long-term, undetected access to the target environment. They execute harmful acts using built-in operating system functions, such as Windows, rather than traditional malware. They conceal their actions by combining them with normal network traffic using native system utilities like Windows Management Instrumentation (WMI) and command-line functions.<\/p>\n\n\n\n<p>Using &#8220;<a href=\"https:\/\/lolbas-project.github.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">living off the land binaries<\/a>,&#8221; they conceal their operations within ordinary system characteristics, bypassing simple endpoint security protections. Volt Typhoon may undertake operations discreetly without the need for custom tools, further gaining stealth and persistence.<\/p>\n\n\n\n<p>LotL emerged in 2018 and became a popular strategy among malicious actors due to its effectiveness in ensuring covert persistence and discovery evasion. Analysts and security software frequently struggle to spot malicious activity disguised as normal ones, complicating <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">intrusion detection<\/a> and mitigation efforts.<\/p>\n\n\n\n<p>LotL tactics are not only used by nation-state entities such as Volt Typhoon. It\u2019s also used by ransomware actors that want to propagate malware using remote monitoring and management tools. As attackers continue to develop, LotL is projected to expand further. This could offer substantial difficulties to cybersecurity experts in the coming years.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Mitigations\"><\/span>Mitigations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Mickey Bresman, CEO of the Active Directory security and recovery platform Semperis, emphasizes the significance of adopting an &#8220;assume breach mindset&#8221; and establishing strong mitigations to improve the resilience of important systems. He also points out that the ease and frequency with which Volt Typhoon hackers infiltrate and exit networks should raise alarms.<\/p>\n\n\n\n<p>To combat the <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security-threats\/\">network security threats<\/a> brought by Volt Typhoon, Bresman proposes several critical mitigations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Assess critical systems:<\/strong> Organizations must identify and prioritize critical systems, including infrastructure such as <a href=\"https:\/\/www.esecurityplanet.com\/networks\/active-directory-compromised\/\">Active Directory (AD)<\/a>, which is a common target for cyberattacks.<\/li>\n\n\n\n<li><strong>Assume breach mindset:<\/strong> If one compromised environment or malware is detected, there are certainly more to come.<\/li>\n\n\n\n<li><strong>Monitor unauthorized changes:<\/strong> Set up real-time monitoring of AD infrastructure, particularly elevated network accounts and groups.<\/li>\n\n\n\n<li><strong>Perform clean recovery:<\/strong> Back up systems on a regular basis and carry out clean recoveries after any security issues. This entails doing extensive forensics and inspections to guarantee that the environment is clear of compromise.<\/li>\n\n\n\n<li><strong>Conduct forensics investigation:<\/strong> Save the compromised environment for a thorough forensics investigation to determine the scope of the breach and any <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-management\/\">vulnerabilities<\/a>.<\/li>\n<\/ul>\n\n\n\n<p>From Semperis&#8217; incident response experiences, state-sponsored actors from nations like China and Russia are relentless in their attempts to compromise networks. There&#8217;s a growing threat caused by cyber adversaries such as Volt Typhoon. Despite countless warnings over the years, malicious actors have operated with no consequence, emphasizing that organizations should operate under the assumption that their security will be compromised.<\/p>\n\n\n\n<p>The intricate techniques deployed by Volt Typhoon serve as an alarming indicator of the ongoing cybersecurity dangers to our network infrastructures. To keep ahead of harmful actors, stakeholders must remain watchful and constantly improve their security measures while enhancing their <a href=\"https:\/\/www.esecurityplanet.com\/threats\/threat-hunting\/\">threat intelligence<\/a>.<\/p>\n\n\n\n<p><strong>Want to strengthen your organization\u2019s digital defenses? Read the common types of <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-network-security\/\">network security solutions<\/a> next.<\/strong><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6d3cf6eb7e-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6d3cf6eb7e\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6d3cf6eb7e\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6d3cf6eb7e\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6d3cf6eb7e\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6d3cf6eb7e\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6d3cf6eb7e\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they&#8217;re attacking and what you can do for protection.<\/p>\n","protected":false},"author":331,"featured_media":34036,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[16],"tags":[],"b2b_audience":[],"b2b_industry":[],"b2b_product":[],"class_list":["post-34034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trends"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Volt Typhoon Disrupts US Organizations, CISA Issues Alerts<\/title>\n<meta name=\"description\" content=\"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they&#039;re attacking and what you can do for protection.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts\" \/>\n<meta property=\"og:description\" content=\"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they&#039;re attacking and what you can do for protection.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-16T17:34:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-16T17:35:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Maine Basan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Maine Basan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\"},\"author\":{\"name\":\"Maine Basan\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/48c58015ca79ab3ed057abd7a52b2206\"},\"headline\":\"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts\",\"datePublished\":\"2024-02-16T17:34:58+00:00\",\"dateModified\":\"2024-02-16T17:35:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\"},\"wordCount\":1308,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png\",\"articleSection\":[\"Trends\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\",\"name\":\"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png\",\"datePublished\":\"2024-02-16T17:34:58+00:00\",\"dateModified\":\"2024-02-16T17:35:02+00:00\",\"description\":\"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they're attacking and what you can do for protection.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: 2ragon\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/48c58015ca79ab3ed057abd7a52b2206\",\"name\":\"Maine Basan\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/HH50049850_Maine_Basan-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/HH50049850_Maine_Basan-150x150.jpg\",\"caption\":\"Maine Basan\"},\"description\":\"Maine is an eSecurity Planet writer with a foundation in eLearning content development, research, and academic CRM implementation. She studied BA Communication Arts at the University of the Philippines. She now leverages her communication experiences as a writer and product analyst, engaging the B2B audience with insights into cybersecurity trends and solutions. Off the clock, Maine\u2019s probably immersed in her spreadsheets, organizing her life or planning her next K-pop concert and beach getaways.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/mbasan\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts","description":"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they're attacking and what you can do for protection.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/","og_locale":"en_US","og_type":"article","og_title":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts","og_description":"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they're attacking and what you can do for protection.","og_url":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/","og_site_name":"eSecurity Planet","article_published_time":"2024-02-16T17:34:58+00:00","article_modified_time":"2024-02-16T17:35:02+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png","type":"image\/png"}],"author":"Maine Basan","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Maine Basan","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/"},"author":{"name":"Maine Basan","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/48c58015ca79ab3ed057abd7a52b2206"},"headline":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts","datePublished":"2024-02-16T17:34:58+00:00","dateModified":"2024-02-16T17:35:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/"},"wordCount":1308,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png","articleSection":["Trends"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/","url":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/","name":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png","datePublished":"2024-02-16T17:34:58+00:00","dateModified":"2024-02-16T17:35:02+00:00","description":"Volt Typhoon has expanded its operations beyond illegal access and data theft in the US. Discover how they're attacking and what you can do for protection.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240216-cisa-issues-alerts-after-volt-typhoon-attacks-us-networks.png","width":1400,"height":900,"caption":"Image: 2ragon\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/trends\/cisa-issues-alerts-after-volt-typhoon-attacks-us-networks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Volt Typhoon Disrupts US Organizations, CISA Issues Alerts"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/48c58015ca79ab3ed057abd7a52b2206","name":"Maine Basan","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/HH50049850_Maine_Basan-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/HH50049850_Maine_Basan-150x150.jpg","caption":"Maine Basan"},"description":"Maine is an eSecurity Planet writer with a foundation in eLearning content development, research, and academic CRM implementation. She studied BA Communication Arts at the University of the Philippines. She now leverages her communication experiences as a writer and product analyst, engaging the B2B audience with insights into cybersecurity trends and solutions. Off the clock, Maine\u2019s probably immersed in her spreadsheets, organizing her life or planning her next K-pop concert and beach getaways.","url":"https:\/\/www.esecurityplanet.com\/author\/mbasan\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34034"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/331"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=34034"}],"version-history":[{"count":4,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34034\/revisions"}],"predecessor-version":[{"id":34043,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34034\/revisions\/34043"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/34036"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=34034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=34034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=34034"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=34034"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=34034"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=34034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}