
    From Mike Powell@1:2320/105 to All on Thu Apr 3 10:09:00 2025
    Why no business is safe from state-sponsored cyber attacks

    Date:
    Thu, 03 Apr 2025 06:26:43 +0000

    Description:
    State-sponsored hackers Volt and Salt Typhoon target businesses worldwide; no
    one is safe from cyber warfare.

    FULL STORY ======================================================================

    The threat landscape is evolving at an alarming rate, and business leaders
    who may have previously believed that nation-state attacks are a problem for
    governments alone are increasingly mistaken. The latest revelations
    surrounding China's Volt Typhoon and Salt Typhoon campaigns should serve as a
    wake-up call to executives worldwide. These are not theoretical threats: they
    are calculated, long-term infiltrations into critical infrastructure, and no
    company or country is off-limits.

    While the bulk of the activity surrounding these operations has focused on
    the United States, the underlying objective is clear: establish persistent
    access to key systems that, when needed, can be exploited for geopolitical
    leverage. In other words, these attacks are not just about stealing secrets;
    they are about preparing to disrupt entire industries and nations when it is
    strategically advantageous to do so. And the UK, along with Europe and other
    Five Eyes nations, is likely on that target list.

    If your business operates in energy, telecommunications, transport, water, or
    government-adjacent industries, you're already in the crosshairs. Volt
    Typhoon, a Chinese-backed cyber operation, has been caught burrowing into
    critical infrastructure with the goal of establishing long-term footholds
    that can be used for future sabotage. Meanwhile, Salt Typhoon has been
    focused on telecommunications, an industry with a truly global footprint and
    an essential enabler of economic and national security.

    No organization is safe

    The interconnected nature of global business means that no organization is
    safe. The very corporations targeted in the US, large multinational firms
    with operations across the UK, Europe, and beyond, are the same ones
    supporting infrastructure elsewhere. China has every reason to expand these
    attacks to Five Eyes allies like the UK, given its vested interest in
    disrupting intelligence-sharing and counter-espionage efforts.

    There is precedent for this expansion. We've already seen similar tactics in
    Flax Typhoon, which targeted Taiwan, and given China's long-term cyber
    strategy, it is reasonable to assume that European and UK-based entities are
    already on the list for similar intrusions. The question isn't if these
    attacks will scale globally; it's whether businesses will be prepared when
    they do.

    State-sponsored cyber actors typically don't launch ransomware attacks for
    quick payouts. Their goals are much more insidious: access, persistence, and
    control. China's cyber teams are laser-focused on industries where
    disruptions would have the most significant impact: energy, water,
    communications, transportation, and education.

    These sectors are not just economic pillars; they are also key to national
    security and societal stability. Imagine the chaos that could ensue if a
    foreign adversary had the ability to disrupt power grids, water supplies, or
    telecom networks at will, as seen with SektorCert in the EU.

    Action required at board level

    Yet many businesses in these sectors are still not treating cybersecurity as
    a board-level issue. Too often, security is seen as an IT problem rather than
    a core risk. If a company has any role in critical infrastructure, even as a
    supplier to larger entities, it should already be treating cyber resilience
    as a priority, because ignoring it is an open invitation for adversarial
    control.

    There has been speculation about AI-powered cyber threats, but here's the
    reality: Volt and Salt Typhoon are not using cutting-edge AI to develop novel
    exploits. Instead, they are deploying well-worn tactics, leveraging known
    vulnerabilities and methodically working through their targets with a level
    of discipline that outpaces many corporate defenses.

    However, China, like everyone else, is integrating AI into its cyber operations. It may not be leading the charge in AI-powered hacking just yet, but automation, summarization, and workflow efficiency tools are already
    being employed to accelerate and scale cyber operations.

    This means that while companies may not yet be facing AI-generated,
    self-evolving malware, they are still dealing with adversaries who can
    analyze, target, and exploit weaknesses faster than ever before. The key
    takeaway is that businesses cannot afford to move at yesterday's speed when
    their attackers are already operating at tomorrow's pace.

    Traditional security solutions aren't enough

    What makes the Volt and Salt Typhoon campaigns even more threatening is that
    traditional security solutions (firewalls, endpoint protection, intrusion
    detection) simply aren't sufficient.

    In fact, one of the biggest weaknesses that attackers like Volt and Salt
    Typhoon exploit is a lack of network visibility. Businesses often invest in
    endpoint protection and firewalls, yet many industrial control systems
    (ICS), IoT devices, and network appliances, the exact infrastructure being
    targeted, do not support traditional security tools. This creates a massive
    blind spot, allowing state-sponsored actors to infiltrate, persist, and move
    laterally undetected.

    Without deep, real-time network monitoring, organizations have no way of
    detecting the unusual patterns of behavior, unauthorized communications, or
    stealthy command-and-control (C2) traffic that signal a compromise. Volt
    Typhoon, for example, has been known to use living-off-the-land techniques,
    blending in with normal system activity to evade detection. The only way to
    uncover these threats is through continuous monitoring, anomaly detection,
    and threat intelligence integration; traditional perimeter security simply
    isn't enough.

    Resilience is essential

    Boardrooms globally must recognize that resilience against state-backed cyber threats is as essential as financial stability. Businesses must adopt an assumption-of-breach mindset, recognising that their systems may already be compromised, and focus on threat hunting and proactive monitoring. Supply chains have to be secured, as many breaches occur through third-party
    vendors, making every link in the supply chain a potential vulnerability.

    Companies that operate in or support critical industries must prioritize
    robust cyber defenses now, rather than reacting once an attack occurs.
    Aligning with national security efforts and intelligence-sharing initiatives
    is critical, as collaboration with government cybersecurity bodies can
    provide crucial insights and defenses. Training and testing must be
    continuous, with regular cybersecurity education for employees and rigorous red-teaming exercises to stay ahead of emerging threats.

    We are just beginning to understand the full extent of the Salt Typhoon campaign and the vulnerabilities it has exposed. This is just one front in an ongoing cyber war where the stakes are national and economic security. The sheer number of connected devices in the average organization today is unmanageable without advanced monitoring, making network detection and
    defense more critical than ever in identifying and stopping these persistent threats before they escalate into full-scale cyber crises.

    This article was produced as part of TechRadarPro's Expert Insights channel,
    where we feature the best and brightest minds in the technology industry
    today. The views expressed here are those of the author and are not
    necessarily those of TechRadarPro or Future plc. If you are interested in
    contributing, find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

    ======================================================================
    Link to news story: https://www.techradar.com/pro/why-no-business-is-safe-from-state-sponsored-cyber-attacks

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)