USA and partners warn of activity by Chinese hacking group Volt Typhoon

June 10, 2023, by Horst Buchwald

Washington, 6/10/2023

In late May, the Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory detailing the tactics, techniques and procedures (TTPs) used by the Chinese state-sponsored cyber actor Volt Typhoon. This actor has primarily focused on critical infrastructure in the USA. The responsible authorities assume that similar actions against targets around the world are possible.

The statement was made by US CISA, the National Security Agency and the FBI, together with the cybersecurity authorities of Australia, Canada, New Zealand and the United Kingdom.

The CISA alert states that Volt Typhoon relies on a TTP known as living off the land, "which uses built-in network management tools to achieve its goals." The document provides detection signatures that can help network defenders identify this activity and recommends a number of remedial actions to improve an organization's cybersecurity posture.

Importantly, the warning notes that some of the indicators "may also be legitimate system administration commands encountered during harmless activities." The authors therefore recommend "not to assume that the results are malicious without further investigation or other evidence of compromise."

A Microsoft Threat Intelligence blog post on Volt Typhoon, published on the same day as the CISA alert, details the threat actor's campaign against "critical infrastructure organizations in Guam and elsewhere in the United States." Although Volt Typhoon typically focuses on espionage and intelligence gathering, Microsoft states "with moderate confidence that this Volt Typhoon campaign seeks to develop capabilities that will disrupt critical communications infrastructure between the United States and the Asia region in future crises."

The security advisory for download