Skip to main content
close search
site logo
Dive Brief

Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

Published May 31, 2023
David Jones's headshot
Reporter
Gas turbine electric power plant in blue hour.
Thossaphol via Getty Images

Dive Brief:

  • Moody’s Investors Service warned the malicious state-sponsored cyber activity disclosed last week against U.S. critical infrastructure providers is credit negative for the affected sectors which include communications, utilities, energy and transportation sectors. 
  • The malicious activity exposes the critical infrastructure providers to unauthorized use and could lead to reduced revenue and financial liquidity during an attack. Long term, the providers could face reputational harm, increased regulatory oversight and exposure to litigation, the credit ratings agency said. 
  • The Five Eyes issued a joint advisory with U.S. authorities after Microsoft researchers disclosed the attacks last week. No additional activity has been confirmed since the initial advisory was released, according to officials familiar with the advisory.

Dive Insight:

The threat actors have been using living-off-the-land techniques during the operation, using stealth-like activities designed to avoid detection over long periods of time. 

The state-linked threat actor connected to China, identified as Volt Typhoon, has been abusing Fortinet FortiGuard devices to leverage compromised small and home office devices to potentially disrupt communications with Asia, amid rising geopolitical tensions with China. 

“The threat of cyber and physical attacks targeting physical infrastructure is not new and ensuring a secure and reliable bulk power system is the top priority,” the North American Electric Reliability Corporation and Electricity Information Sharing and Analysis Center said in a statement.

While there has been no specific or imminent threat to the bulk power system, the group said an all-points bulletin has been issued about Volt Typhoon. 

Critical infrastructure providers are considered particularly vulnerable because if a sophisticated actor remains undetected in their networks over long periods of time, the risk could pose a more direct threat by disrupting access to necessary services.

“By using native tools that are less likely to generate alerts in well-monitored networks, the Chinese actors are becoming more stealthy and this may portend a coming event,” Mike Hamilton, founder and CISO at Critical Insight, said via email last week.

Moody’s noted in September that certain regulated utilities, including gas and electric utilities, water and not-for-profit hospitals were facing very high risk due to malicious cyber activity. 

Microsoft officials declined to comment.

Editors' picks

Company Announcements

View all | Post a press release
Torus Unveils Integrated Energy Storage and AI-Driven Cybersecurity Solutions
From Torus
October 24, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Tech Ambitions Collide with Reality: 2025 Technology Impact Report Exposes Critical Readiness…
From Omnia Strategy Group, LLC
October 21, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell