Threat Intel - Public-Private Partnerships Disrupt China's Typhoons

Source: The Register Security
Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Basically, experts say teamwork between private companies and the government is crucial to fight cyber threats from China.

Quick Summary

At the RSA Conference, experts stressed the need for public-private partnerships to disrupt China's cyber threats. With no government speakers present, the focus was on private sector intelligence. This absence raises concerns about collaboration in combating cybercrime, especially as threats evolve.

What Happened

During the RSA Conference 2026, a panel discussion focused on disrupting China's cyber threat groups, particularly the Volt and Salt Typhoon gangs. The session was notable for the absence of any government representatives, leaving an empty chair on stage. This absence raised eyebrows, as it highlighted the ongoing challenges in public-private collaboration against cybercrime. Panelists emphasized the importance of sharing intelligence between private sector entities and government agencies to effectively counter these threats.

The discussion recalled past frustrations when private-sector intelligence analysts had valuable information about the Scattered Spider cybercrime group, but government processes delayed real-time collaboration. Dave Scott, a former FBI official, pointed out that private partners often had quicker insights than the government, which was hindered by legal and bureaucratic hurdles. This historical context underscores the urgency of establishing efficient communication channels in the current cyber threat landscape.

Who's Being Targeted

The Volt and Salt Typhoon groups are known for targeting critical infrastructure in the United States. Their operations have increasingly relied on exploiting vulnerabilities in private-sector networks, particularly in the utility and telecommunications sectors. Wendi Whitmore from Palo Alto Networks noted that many intrusions occurred on private infrastructure, which means private companies hold significant visibility into these threats.

The panelists agreed that victims must come forward to share intelligence for effective action. The absence of government officials at the RSA Conference raised concerns about the administration's commitment to addressing these threats. The reliance on private-sector insights is crucial, especially as cybercriminals evolve their tactics, including the use of voice phishing to gain initial access.

Tactics & Techniques

The discussion also highlighted the tactics used by Typhoon gangs, which have adapted to exploit weaknesses in cloud environments. Cybercriminals are increasingly using social engineering techniques, such as voice phishing, to penetrate defenses. This method has become the second most common way for cybercriminals to gain access to victims' systems, particularly in cloud setups.

Participants emphasized that the collaboration between public and private sectors is essential to counter these evolving tactics. As cyber threats become more sophisticated, the need for real-time information sharing becomes increasingly critical. Scott mentioned that current advancements in AI further complicate the landscape, making immediate collaboration vital to stay ahead of potential attacks.

Defensive Measures

To combat these threats, experts advocate for stronger public-private partnerships. They stress the need for private companies to share their intelligence with government agencies to enable timely responses. This collaboration can help decision-makers take decisive actions against cyber threats.

Moreover, the RSA panel suggested that informal channels, such as secure messaging platforms, could facilitate better communication between sectors. While official platforms may be slow, private discussions can lead to quicker decision-making and action. As the cybersecurity landscape continues to evolve, fostering these partnerships will be crucial in defending against threats from groups like the Typhoons.

🔒 Pro insight: The lack of government presence at RSA underscores a critical gap in public-private collaboration against sophisticated state-sponsored cyber threats.
