USCG warns of Volt Typhoon cybersecurity threat to maritime

Written by Nick Blenkey

The U.S. Coast Guard is warning maritime companies of the cybersecurity threat posed by recent People’s Republic of China (PRC) sponsored cyber activity seen across U.S. critical infrastructure, including the Marine Transportation System (MTS). The threat comes from a PRC threat actor group known as Volt Typhoon, which takes advantage of administration tools built into victim networks to accomplish its goals without being detected, a technique known as “living off the land.”

The Coast Guard strongly encourages every company to review a just-released joint advisory issued by the U.S. National Security Agency, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Communications Security Establishment’s Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK).

The “Five Eyes” nation authorities say that Volt Typhoon’s primary “living off the land” tactics, techniques, and procedures (TTPs) allow the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations.

The Coast Guard strongly encourages every company to review the advisory and harden their cyberspace terrain by searching for and mitigating any instances of the Indicators of Compromise that the alert highlights within their own networks and systems. If malicious activity is discovered, companies should follow normal reporting procedures in accordance with their Incident Response Plans, which include reporting such discoveries to the National Response Center (NRC) or local Coast Guard unit. Companies unable to take the discovery actions highlighted in the advisory, or those that would like additional assistance, should contact their local USCG Cyber Specialist or email the Maritime Cyber Readiness Branch at maritimecyber@uscg.mil. The Coast Guard has subject matter experts standing by to answer questions and provide information about Coast Guard Cyber Protection Team services.
