Tuesday, May 30, 2023

Volt Typhoon, PRC State Hack, Cybersecurity

"[Volt Typhoon] typically focuses on espionage and information gathering."
"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises."
"In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls and VPN hardware."
Microsoft
"A [People's Republic of China] state-sponsored actor is living off the land, using built-in network tools to evade our defences and leaving no trace behind."
"That makes it imperative for us to work together to find and remove the actor from our critical networks."
"Indicators of compromise [first discovered by Microsoft, attributed to Volt Typhoon, a Chinese state actor active since mid-2021 using a style of attack described as] living off the land [using existing network tools and valid credentials to avoid detection]."
Rob Joyce, director of cybersecurity, U.S. National Security Agency
U.S. critical infrastructure has been targeted by state-sponsored hackers from China, warned Microsoft, alerting cybersecurity officials across the globe in a co-ordinated strategy to identify and stop the perpetrators. The Canadian Centre for Cyber Security, one of several international agencies that are part of the Five Eyes intelligence alliance, took part in amplifying the alert issued by the U.S. National Security Agency.

The Microsoft report indicated that infrastructure facilities around the United States, including Guam, where the U.S. maintains an air force base and naval port, have already been targeted by Volt Typhoon. Both represent central elements of the American military presence in the Pacific Ocean. According to Pentagon officials, Guam and its military installations were among the principal targets of the Chinese spy balloon shot down in February after drifting for a week through North American airspace.
 
The suspected Chinese spy balloon drifts to the ocean after being shot down off the coast in Surfside Beach, South Carolina, U.S. on February 4, 2023. (Randall Hill/Reuters)

"The Canadian Centre for Cyber Security joins its international partners in sharing this newly identified threat and accompanying mitigation measures with critical infrastructure sectors."
Agency head Sami Khoury

 
