The landscape of today’s cyber threats means that the lines between nation-state espionage, cyber warfare and private-sector attacks are increasingly blurred. How can companies navigate those intricate lines to overcome threats, such as Volt Typhoon, and achieve robust resilience in the long term?

Google’s John Hultquist discusses the impact of threats, such as Volt Typhoon.

“Most people would agree that the Volt Typhoon activity is probably the biggest threat right now,” said John Hultquist (pictured), chief analyst at Mandiant Intelligence. “That is Chinese espionage or cyber espionage that’s coming out of China where they’re digging into our critical infrastructure. They’re essentially gaining access to water, power, rail, all these critical spaces. They’re basically digging in so that if they get the order, they can disrupt.”

Hultquist spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the battle between evolving cyber threats, such as Volt Typhoon, and resilient defenses, touching on proactive strategies for companies to stay protected. (* Disclosure below.)

The Volt Typhoon threat and evolving nation-state tactics

What’s disconcerting about emerging nation-state threats is the shift in focus from purely military-related infrastructure to more random targets, which means that any industry could be vulnerable. The goal isn’t violent attacks but chaos — disrupting systems to create widespread uncertainty, according to Hultquist.

“[It’s about] getting into your industrial control systems or OT systems and breaking things,” he said. “It’s about chaos, I think that’s a good way to think about it. We’re going to get all of that stuff working again. It’s not really a violence thing, it’s more of a disruption thing.”

Russia is also a significant player in cyber aggression. Russian actors are shifting tactics to target technology firms, including resellers, leveraging access to downstream customers. This approach allows them to get closer to their ultimate victims, Hultquist added.

“If you’re a reseller and you have credentials to, let’s say, the systems that you set up or sold, they’re going to leverage those credentials to get downstream to your customers,” he said. “The whole game is basically moving upstream. The really good players, that’s what their game is.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024: 

(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE