Dive Brief:
- Moody’s Investors Service warned that the malicious state-sponsored cyber activity disclosed last week against U.S. critical infrastructure providers is credit negative for the affected sectors, which include communications, utilities, energy and transportation.
- The malicious activity exposes the critical infrastructure providers to unauthorized use and could lead to reduced revenue and financial liquidity during an attack. Long term, the providers could face reputational harm, increased regulatory oversight and exposure to litigation, the credit ratings agency said.
- The Five Eyes issued a joint advisory with U.S. authorities after Microsoft researchers disclosed the attacks last week. No additional activity has been confirmed since the initial advisory was released, according to officials familiar with the advisory.
Dive Insight:
The threat actors have used living-off-the-land techniques during the operation, stealthy activity designed to avoid detection over long periods of time.
The state-linked threat actor connected to China, identified as Volt Typhoon, has been abusing Fortinet FortiGuard devices to leverage compromised small office and home office devices, potentially to disrupt communications with Asia amid rising geopolitical tensions with China.
“The threat of cyber and physical attacks targeting physical infrastructure is not new and ensuring a secure and reliable bulk power system is the top priority,” the North American Electric Reliability Corporation and Electricity Information Sharing and Analysis Center said in a statement.
While there has been no specific or imminent threat to the bulk power system, the group said an all-points bulletin has been issued about Volt Typhoon.
Critical infrastructure providers are considered particularly vulnerable because a sophisticated actor that remains undetected in their networks over long periods of time could pose a more direct threat by disrupting access to necessary services.
“By using native tools that are less likely to generate alerts in well-monitored networks, the Chinese actors are becoming more stealthy and this may portend a coming event,” Mike Hamilton, founder and CISO at Critical Insight, said via email last week.
Moody’s noted in September that certain regulated utilities, including gas and electric utilities, water and not-for-profit hospitals, were facing very high risk due to malicious cyber activity.
Microsoft officials declined to comment.