
BREAKING: China Hacks Critical U.S. Infrastructure, Microsoft Says


CREDIT: Chris Hondros/Getty

Microsoft Threat Intelligence / For immediate release:

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.
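The three-step chain above (collect credentials, stage them in an archive, reuse the valid credentials) is what makes this activity hard to catch: every individual command is a built-in tool an administrator could legitimately run. One practical answer is to correlate process-creation telemetry per host and user over a short time window and alert on the sequence rather than on any single command. The script below is an added example written for this page; it is not code from Microsoft or from the original article, and the specific binaries it matches are an assumed indicator set chosen for illustration, not indicators attributed to Volt Typhoon by the page. The log lines it runs over are constructed.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host user cmd")

# Constructed sample telemetry (not real Volt Typhoon data): one normalised
# process-creation record per line, "timestamp|host|user|command line", the
# fields a Sysmon Event ID 1 or Security 4688 record carries. Taken alone,
# each command is something an administrator could legitimately run.
SAMPLE_EVENTS = r"""
2023-05-24T01:02:11Z|FS01|CORP\svc_backup|cmd.exe /c vssadmin create shadow /for=C:
2023-05-24T01:02:40Z|FS01|CORP\svc_backup|cmd.exe /c copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\NTDS\ntds.dit C:\Windows\Temp\n.dit
2023-05-24T01:03:05Z|FS01|CORP\svc_backup|reg.exe save HKLM\SYSTEM C:\Windows\Temp\s.hiv
2023-05-24T01:04:30Z|FS01|CORP\svc_backup|makecab.exe C:\Windows\Temp\n.dit C:\Windows\Temp\update.cab
2023-05-24T01:05:00Z|FS01|CORP\svc_backup|netstat.exe -ano
2023-05-24T09:15:00Z|WS07|CORP\alice|7z.exe a C:\Users\alice\report.7z C:\Users\alice\Documents\q1
2023-05-24T23:40:00Z|DC02|CORP\jsmith|ntdsutil.exe "ac i ntds" "ifm" "create full C:\Temp\ifm" q q
"""

# Assumed indicator set (illustrative, not from the page): built-in Windows
# tools grouped by the stage of the chain they are typically used for.
INDICATORS = {
    "credential_access": [
        r"ntdsutil(\.exe)?.*\bifm\b",                      # AD database via IFM
        r"vssadmin(\.exe)?\s+create\s+shadow",             # shadow copy to read locked files
        r"\\ntds\.dit\b",                                  # direct reference to the AD database
        r"reg(\.exe)?\s+save\s+HKLM\\(SAM|SYSTEM|SECURITY)\b",  # registry hive export
    ],
    "archive_staging": [
        r"makecab(\.exe)?\s",
        r"\b7za?(\.exe)?\s+a\s",
        r"\btar(\.exe)?\s+-?c",
        r"compress-archive",
    ],
    "discovery": [
        r"netstat(\.exe)?\s",
        r"\bnet(\.exe)?\s+(user|group|localgroup)\b",
        r"\bnltest(\.exe)?\s",
    ],
}


def parse_events(text):
    """Parse the pipe-delimited sample format into Event tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, cmd = line.split("|", 3)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, user, cmd))
    return events


def classify(cmd):
    """Return the set of chain stages a single command line matches."""
    return {
        stage
        for stage, patterns in INDICATORS.items()
        if any(re.search(p, cmd, re.IGNORECASE) for p in patterns)
    }


def hunt(events, window=timedelta(minutes=30)):
    """Correlate per (host, user). An alert needs credential access followed by
    archive staging within `window`; credential access with no staging only
    goes on a watch list, because a single LOLBin invocation is routinely benign."""
    by_actor = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_actor[(ev.host, ev.user)].append((ev, classify(ev.cmd)))

    alerts, watch = [], []
    for (host, user), seq in by_actor.items():
        cred = next((ev for ev, cats in seq if "credential_access" in cats), None)
        if cred is None:
            continue
        staged = next((ev for ev, cats in seq
                       if "archive_staging" in cats
                       and cred.ts <= ev.ts <= cred.ts + window), None)
        if staged is None:
            watch.append((host, user))
            continue
        stages = set().union(*(cats for _, cats in seq))
        alerts.append({
            "host": host,
            "user": user,
            "credential_cmd": cred.cmd,
            "archive_cmd": staged.cmd,
            "elapsed_s": int((staged.ts - cred.ts).total_seconds()),
            "stages": sorted(stages),
        })
    return {"alerts": alerts, "watch": watch}


if __name__ == "__main__":
    result = hunt(parse_events(SAMPLE_EVENTS))
    for a in result["alerts"]:
        print(f"ALERT {a['host']} {a['user']}: {a['stages']} within {a['elapsed_s']}s")
    for host, user in result["watch"]:
        print(f"WATCH {host} {user}: credential access with no staging seen")
```

On the constructed sample, only the `FS01` / `svc_backup` sequence becomes an alert (shadow copy, then `ntds.dit` copy, then hive export, then `makecab`, all within three minutes); `alice` archiving her own documents and the lone `ntdsutil` run on `DC02` do not, though the latter lands on the watch list. In production the same logic would run over the SIEM's process-creation stream rather than a string, and the window and indicator list would be tuned against the organisation's own backup and administration baselines, since those are exactly the jobs that make these commands look normal.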


In this blog post, we share information on Volt Typhoon, their campaign targeting critical infrastructure providers, and their tactics for achieving and maintaining unauthorized access to target networks. Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this attack could be challenging. Compromised accounts must be closed or changed. At the end of this blog post, we share more mitigation steps and best practices, as well as provide details on how Microsoft 365 Defender detects malicious and suspicious activity to protect organizations from such stealthy attacks.
