Cybersecurity experts stress the need for the public and relevant organisations to treat this warning seriously, given that state-sponsored cyber programs conducted by China, Russia, Iran, and North Korea present the most substantial strategic cyber threats to Canada. These threats are particularly directed at critical infrastructure systems … writes Kaliph Anaz
The recent public advisory issued by the Canadian Centre for Cyber Security, in conjunction with the Five Eyes intelligence alliance, has brought attention to a significant cyber threat originating from a state-sponsored actor affiliated with the People’s Republic of China. The issuance of such a public warning indicates the gravity of the situation and underscores the urgency for increased vigilance within Canada’s cybersecurity landscape.
Cybersecurity experts stress the need for the public and relevant organisations to treat this warning seriously, given that state-sponsored cyber programs conducted by China, Russia, Iran, and North Korea present the most substantial strategic cyber threats to Canada. These threats are particularly directed at critical infrastructure systems.
The interconnectedness of Western economies means that an attack on one country’s infrastructure can have severe repercussions for others. While the Canadian Cyber Centre has not received reports of the specific state actor targeting Canada, the interconnected nature of digital infrastructure implies that an attack on one nation could potentially impact the infrastructure of another. Thus, the advisory serves as a proactive measure to ensure that Canada remains prepared and vigilant against potential cyber threats.
The identification of the state-sponsored actor responsible for the cyber threat originates from tech giant Microsoft. The actor, known as Volt Typhoon, is associated with the Chinese government and focuses primarily on espionage and information gathering. Microsoft’s decision to publicly attribute the threat to China is significant, as companies typically refrain from explicitly naming responsible parties. Such attribution by a prominent entity like Microsoft carries weight and necessitates a serious response.
Volt Typhoon’s operations are characterized by a technique referred to as “living off the land,” which involves exploiting existing network tools and valid credentials to evade detection. This approach differs from traditional malware attacks that generate new files on targeted systems. By utilizing preexisting tools and operating within a computer’s memory, Volt Typhoon enhances its ability to remain undetected and increases the challenges for cybersecurity defenders.
In a recent blog post, Microsoft revealed that the Volt Typhoon campaign aims to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asian region during future crises. Since mid-2021, the group has targeted critical infrastructure organizations in Guam, home to a significant U.S. naval base, as well as various locations throughout the United States. The potential disruption of critical communications infrastructure poses significant risks to both national security and the functionality of essential services.
The revelation of this cyber threat prompts questions regarding potential counter-hacking measures, commonly referred to as “active measures.” Cybersecurity expert Thomas Patrick Keenan has raised inquiries regarding whether the Canadian military has authorized any such actions. While no explicit confirmation has been provided, Keenan was directed to the Canadian Armed Forces’ “Strong, Secure, Engaged” document, which outlines the country’s defence policy. The document indicates that the Canadian Armed Forces (CAF) has plans to develop active cyber capabilities and employ them against potential adversaries with government authorisation.
However, engaging in active measures against the Chinese regime would likely escalate the situation and potentially lead to a cyberwar. Keenan notes that highlevel authorization would be necessary for the Canadian military to become involved in such activities. It is important to consider the potential consequences and carefully deliberate any decisions related to counter-hacking measures to prevent a further escalation of the conflict. Still, tough actions need to be taken.
China cannot be given a leeway. This seems to underscore China’s salami slicing strategy. They keep provoking other nations, but just not enough to cause a war. And soon, the change the status quo into the new normal.
In conclusion, the public advisory issued by the Canadian Centre for Cyber Security in collaboration with the Five Eyes intelligence alliance highlights the severity of the cyber threat emanating from a state-sponsored actor associated with China. The advisory serves as a call to action for increased vigilance and cybersecurity preparedness within Canada. The identification of Volt Typhoon as the responsible actor underscores the significance of the threat, as attribution by a prominent entity like Microsoft carries substantial weight. The “living off the land” technique employed by Volt Typhoon presents challenges for detection and defence. The potential disruption of critical communications infrastructure further emphasizes the urgency for robust cybersecurity measures. Overall, the recent public advisory serves as a wake-up call for Canada and highlights the pressing need for enhanced cybersecurity measures.
It emphasizes the seriousness of state-sponsored cyber threats originating from China and the potential risks they pose to critical infrastructure, national security, and international relations. This advisory underscores the importance of international collaboration, threat intelligence sharing, and proactive defence strategies to mitigate the evolving cyber landscape.
As the digital realm becomes increasingly interconnected, it is crucial for governments, organizations, and individuals to remain vigilant, adapt to emerging threats, and prioritize cybersecurity as a fundamental aspect of national defence.