
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,124 of 2,445   
   Mike Powell to All   
   Why no business is safe f   
   03 Apr 25 10:09:00   
   
   TZUTC: -0500   
   MSGID: 851.consprcy@1:2320/105 2c53e000   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Why no business is safe from state-sponsored cyber attacks   
      
   Date:   
   Thu, 03 Apr 2025 06:26:43 +0000   
      
   Description:   
   State-sponsored hackers Volt and Salt Typhoon target businesses worldwide - no
   one is safe from cyber warfare.
      
   FULL STORY   
   ======================================================================   
      
   The threat landscape is evolving at an alarming rate, and business leaders    
   who may have previously believed that nation-state attacks are a problem for   
   governments alone are increasingly mistaken. The latest revelations   
   surrounding China's Volt Typhoon and Salt Typhoon campaigns should serve as a
   wake-up call to executives worldwide. These are not theoretical threats - they
   are calculated, long-term infiltrations into critical infrastructure, and no   
   company or country is off-limits.    
      
   While the bulk of the activity surrounding these operations has focused on    
   the United States, the underlying objective is clear: establish persistent   
   access to key systems that, when needed, can be exploited for geopolitical   
   leverage. In other words, these attacks are not just about stealing   
   secrets - they are about preparing to disrupt entire industries and nations when
   it is strategically advantageous to do so. And the UK, along with Europe and   
   other Five Eyes nations, is likely on that target list.    
      
   If your business operates in energy, telecommunications, transport, water, or   
   government-adjacent industries, you're already in the crosshairs. Volt
   Typhoon, a Chinese-backed cyber operation, has been caught burrowing into   
   critical infrastructure with the goal of establishing long-term footholds    
   that can be used for future sabotage. Meanwhile, Salt Typhoon has been    
   focused on telecommunications - an industry with a truly global footprint and an
   essential enabler for economic and national security.   
      
   No organization is safe    
      
   The interconnected nature of global business means that no organization is   
   safe. The very corporations targeted in the US - large multinational firms with
   operations across the UK, Europe, and beyond - are the same ones supporting
   infrastructure elsewhere. China has every reason to expand these attacks to   
   Five Eyes allies like the UK, given its vested interest in disrupting   
   intelligence-sharing and counter-espionage efforts.    
      
   There is precedent for this expansion. We've already seen similar tactics in
   Flax Typhoon, which targeted Taiwan, and given China's long-term cyber
   strategy, it is reasonable to assume that European and UK-based entities are
   already on the list for similar intrusions. The question isn't if these
   attacks will scale globally - it's whether businesses will be prepared when they
   do.    
      
   State-sponsored cyber actors typically don't launch ransomware attacks for
   quick payouts. Their goals are much more insidious: access, persistence, and
   control. China's cyber teams are laser-focused on industries where disruptions
   would have the most significant impact - energy, water, communications,
   transportation, and education.    
      
   These sectors are not just economic pillars; they are also key to national   
   security and societal stability. Imagine the chaos that could ensue if a   
   foreign adversary had the ability to disrupt power grids, water supplies, or   
   telecom networks at will, such as SektorCert in the EU.   
      
   Action required at board level   
      
   Yet many businesses in these sectors are still not treating cybersecurity as    
   a board-level issue. Too often, security is seen as an IT problem rather than   
   a core risk. If a company has any role in critical infrastructure - even as a
   supplier to larger entities - it should already be treating cyber resilience as
   a priority, because ignoring it is an open invitation for adversarial    
   control.    
      
   There has been speculation about AI-powered cyber threats, but here's the
   reality: Volt and Salt Typhoon are not using cutting-edge AI to develop novel
   exploits. Instead, they are deploying well-worn tactics - leveraging known
   vulnerabilities and methodically working through their targets with a level    
   of discipline that outpaces many corporate defenses.    
      
   However, China, like everyone else, is integrating AI into its cyber   
   operations. It may not be leading the charge in AI-powered hacking just yet,   
   but automation, summarization, and workflow efficiency tools are already    
   being employed to accelerate and scale cyber operations.    
      
   This means that while companies may not yet be facing AI-generated,   
   self-evolving malware, they are still dealing with adversaries who can
   analyze, target, and exploit weaknesses faster than ever before. The key
   takeaway is that businesses cannot afford to move at yesterday's speed when
   their attackers are already operating at tomorrow's pace.
      
   Traditional security solutions aren't enough
      
   What makes the Volt and Salt Typhoon campaigns even more threatening is that   
   traditional security solutions - firewalls, endpoint protection, intrusion
   detection - simply aren't sufficient enough.
      
   In fact, one of the biggest weaknesses that attackers like Volt and Salt   
   Typhoon exploit is a lack of network visibility. Businesses often invest in   
   endpoint protection and firewalls, yet many industrial control systems (ICS),   
   IoT devices, and network appliances - the exact infrastructure being targeted - do
   not support traditional security tools. This creates a massive blind spot,   
   allowing state-sponsored actors to infiltrate, persist, and move laterally   
   undetected.    
      
   Without deep, real-time network monitoring, organizations have no way of
   detecting unusual patterns of behavior, unauthorized communications, or
   stealthy command-and-control (C2) traffic that signal a compromise. Volt
   Typhoon, for example, has been known to use "living off the land" techniques,
   blending in with normal system activity to evade detection. The only way to
   uncover these threats is through continuous monitoring, anomaly detection,
   and threat intelligence integration - traditional perimeter security simply isn't
   enough.   
      
   Resilience is essential    
      
   Boardrooms globally must recognize that resilience against state-backed cyber   
   threats is as essential as financial stability. Businesses must adopt an   
   assumption-of-breach mindset, recognising that their systems may already be   
   compromised, and focus on threat hunting and proactive monitoring. Supply   
   chains have to be secured, as many breaches occur through third-party    
   vendors, making every link in the supply chain a potential vulnerability.    
      
   Companies that operate in or support critical industries must prioritize   
   robust cyber defenses now, rather than reacting once an attack occurs.   
   Aligning with national security efforts and intelligence-sharing initiatives   
   is critical, as collaboration with government cybersecurity bodies can    
   provide crucial insights and defenses. Training and testing must be   
   continuous, with regular cybersecurity education for employees and rigorous   
   red-teaming exercises to stay ahead of emerging threats.    
      
   We are just beginning to understand the full extent of the Salt Typhoon   
   campaign and the vulnerabilities it has exposed. This is just one front in an   
   ongoing cyber war where the stakes are national and economic security. The   
   sheer number of connected devices in the average organization today is   
   unmanageable without advanced monitoring, making network detection and    
   defense more critical than ever in identifying and stopping these persistent   
   threats before they escalate into full-scale cyber crises.    
      
    This article was produced as part of TechRadarPro's Expert Insights channel   
   where we feature the best and brightest minds in the technology industry   
   today. The views expressed here are those of the author and are not   
   necessarily those of TechRadarPro or Future plc. If you are interested in   
   contributing find out more here:   
   https://www.techradar.com/news/submit-your-story-to-techradar-pro   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/why-no-business-is-safe-from-state-sponsored-cyber-attacks
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca