Microsoft has detected a Chinese cyberespionage campaign that focuses on essential infrastructure in Guam, an American territory in the Pacific Ocean.
The campaign, christened Volt Typhoon by Microsoft, is suspected to be directed by Chinese state-supported hackers. It is particularly striking given Guam’s strategic significance in any potential military conflict involving China and Taiwan.
In a highly detailed exposé, Microsoft characterised Volt Typhoon as a “stealthy and targeted malicious activity centred on post-compromise credential access and network system discovery.” The campaign, which has been operational since mid-2021, is aimed at disrupting critical communication infrastructure between the United States and the Asian region during future crises. Microsoft assesses this with moderate confidence.
The US government’s cybersecurity response agency, CISA, has also raised alarm bells about this threat actor, publishing an urgent bulletin that offers mitigation guidance, IOCs, and other telemetry to aid defenders in identifying signs of compromise. The Chinese government-backed hackers have cast their net wide, infiltrating a vast range of organisations spanning numerous sectors, including communications, manufacturing, utilities, transport, construction, maritime, government, IT, and education.
Explaining the hackers’ modus operandi, Microsoft said, “The threat actor intends to perform espionage and maintain access without being detected for as long as possible.” Their method involves breaking into target companies via internet-facing Fortinet FortiGuard devices and latching onto compromised small office/home office (SOHO) routers to veil the source of their activity.
Microsoft further warned that many network edge devices, including those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, are potential targets if their management interfaces are exposed to the public internet. According to the tech giant, “By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.”
The group relies heavily on “living-off-the-land” commands to gather information on the system, discover additional devices on the network, and exfiltrate data, which further conceals its activity because the tools involved are already present on the host.
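Living-off-the-land activity is hard to spot by signature because each tool is legitimate on its own; what stands out is a burst of distinct discovery built-ins under one parent process. The following detection heuristic is an added example, not code from Microsoft or CISA: it runs over constructed process-creation records (the field layout, the tool list and the 5-minute window are all assumptions to tune for your own telemetry, such as Windows event 4688 or Sysmon event 1).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows built-ins often abused for host and network discovery. This set is an
# assumption for the example; tune it to your environment and vendor guidance.
DISCOVERY_TOOLS = {"whoami", "ipconfig", "net", "netsh", "nltest", "systeminfo",
                   "arp", "wmic", "tasklist", "dsquery", "tracert"}

# Constructed sample telemetry (not real logs), one process-creation event per
# line: "timestamp host user parent_image image command_line".
SAMPLE_LOG = r"""
2023-05-24T10:00:01 WS01 jdoe explorer.exe outlook.exe outlook.exe
2023-05-24T10:02:10 WS01 jdoe cmd.exe whoami.exe whoami /all
2023-05-24T10:02:14 WS01 jdoe cmd.exe ipconfig.exe ipconfig /all
2023-05-24T10:02:20 WS01 jdoe cmd.exe net.exe net group "domain admins" /domain
2023-05-24T10:02:31 WS01 jdoe cmd.exe netsh.exe netsh interface portproxy show all
2023-05-24T10:02:40 WS01 jdoe cmd.exe nltest.exe nltest /dclist:corp
2023-05-24T11:30:00 WS02 svc_backup services.exe robocopy.exe robocopy D:\data E:\bak
2023-05-24T12:00:00 WS03 admin cmd.exe ipconfig.exe ipconfig /all
"""

def parse_event(line):
    """Split one constructed log line into its fields (command line may contain spaces)."""
    ts, host, user, parent, image, command = line.split(maxsplit=5)
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "parent": parent.lower(), "image": image.lower(), "command": command}

def find_discovery_bursts(log_text, window=timedelta(minutes=5), min_tools=3):
    """Return {(host, user, parent): sorted tool names} for every process group in
    which at least `min_tools` distinct discovery built-ins ran within `window`.
    A lone ipconfig is normal; five different tools under one cmd.exe is not."""
    groups = defaultdict(list)  # (host, user, parent) -> [(ts, tool)]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        tool = ev["image"][:-4] if ev["image"].endswith(".exe") else ev["image"]
        if tool in DISCOVERY_TOOLS:
            groups[(ev["host"], ev["user"], ev["parent"])].append((ev["ts"], tool))
    hits = {}
    for key, seq in groups.items():
        seq.sort()
        for i, (start, _) in enumerate(seq):  # sliding window starting at each event
            tools = {t for ts, t in seq[i:] if ts - start <= window}
            if len(tools) >= min_tools:
                hits[key] = sorted(tools)
                break
    return hits
```

On the constructed sample only the WS01 cmd.exe session trips the threshold; the single ipconfig on WS03 and the backup job on WS02 do not.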
Copyright © 2023 RegTech Analyst