What is Volt Typhoon?

Feb. 1, 2024

The United States government recently shut down a major China-backed hacking group dubbed "Volt Typhoon" that attacked hundreds of routers and had been working to compromise U.S. cyber infrastructure.

About Volt Typhoon:

  • It is a state-sponsored hacking group based in China that has been active since at least 2021.
  • The group typically focuses on espionage and information gathering.
  • It has targeted critical infrastructure organisations in the US, including Guam.
  • To achieve its objective, the threat actor puts a strong emphasis on stealth, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity.
  • The recurring attack pattern of Volt Typhoon begins with initial access via exploitation of public-facing devices or services.
  • Volt Typhoon employs the comparatively uncommon practice of leveraging preinstalled utilities for most of its victim interactions.
  • Compromised small office/home office (SOHO) devices are used by the attackers to proxy communications to and from the affected networks.
  • They issue commands via the command line to (1) collect data, including credentials, from local and network systems; (2) put the data into an archive file to stage it for exfiltration; and then (3) use the stolen valid credentials to maintain persistence.
  • Volt Typhoon was a particularly quiet operator that hid its traffic by routing it through hacked network equipment, like home routers, and carefully expunging evidence of intrusions from the victim’s logs.
  • This combination of behaviours makes detection especially difficult, as defenders must be able to differentiate between attacker activities and those of power users or administrative staff.
