The Coast Guard would like to amplify the recently released Joint Cybersecurity Advisory (CSA) that highlights People’s Republic of China (PRC)-sponsored cyber activity seen across U.S. critical infrastructure, including the Marine Transportation System (MTS). This advisory outlines the primary tactics, techniques, and procedures (TTPs) used by a PRC threat actor group known as Volt Typhoon, which takes advantage of administration tools built into victim networks to accomplish its nefarious goals without being detected, an approach better known as “living off the land.”
The Coast Guard strongly encourages every company to review the advisory and harden its cyberspace terrain by searching for and mitigating any instances of the highlighted Indicators of Compromise within its own networks and systems. If malicious activity is discovered, companies should follow normal reporting procedures in accordance with their Incident Response Plans, which include reporting such discoveries to the National Response Center (NRC) or local Coast Guard unit.
Companies unable to take discovery actions highlighted in the advisory, or those who would like additional assistance, should contact their local USCG Cyber Specialist or email the Maritime Cyber Readiness Branch at [email protected]. The Coast Guard has subject matter experts standing by to answer questions and provide information about Coast Guard Cyber Protection Team services.