The group also leverages compromised small office and home office (SOHO) network routers, firewalls and VPN hardware to route traffic through in an attempt to blend into normal network activity.
#ASUS DEVICE DISCOVERY TOOL ARCHIVE#
The group issues commands via the command line to collect data and credentials from local and network systems, put the data into an archive file to stage for exfiltration and uses stolen credentials to maintain persistence, researchers say. Volt Typhoon relies on stealth and almost exclusively living-off-the-land techniques and hands-on-keyboard activity to stay undetected. Affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors. Volt Typhoon’s victimsĪccording to Microsoft, Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the U.S. and China over the country, cyberattacks are now essentially expected to be a part of international crises after the cyberattacks that preluded Russian’s invasion of Ukraine. Although Microsoft’s research blog doesn’t mention Taiwan or the escalating tensions between the U.S. Microsoft says Volt Typhoon is pursing development of capabilities that could disrupt critical communications infrastructure between the U.S. Microsoft is sounding the alarm on a group it calls Volt Typhoon, another state-sponsored hacking group based in China that is targeting critical infrastructure organizations and leveraging living-off-the-land techniques and proxying its network traffic through compromised network edge devices and routers to evade detection.
0 kommentar(er)
