Microsoft has investigated the Volt Typhoon malware and determined that it originated from a state-sponsored actor based in China. Volt Typhoon targets critical infrastructure in the United States using "living-off-the-land" techniques.
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise access to credentials and discovery of network systems, targeting critical infrastructure organizations in the United States.
US critical infrastructure as a target
The attack is being carried out by Volt Typhoon, a China-based state-sponsored actor that typically focuses on espionage and intelligence gathering. Microsoft is moderately confident that this Volt Typhoon campaign will seek to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asian region in future crises.
Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the organizations affected include communications, manufacturing, utilities, transportation, construction, shipping, government, information technology, and education. Observed behavior indicates that the threat actor intends to engage in espionage and maintain access undetected for as long as possible.
Microsoft is highlighting this Volt Typhoon activity now because of serious concerns about the potential further impact on US organizations. Having detected and studied the activity, Microsoft is able to provide detection guidance. In its blog post, Microsoft describes the attack chain and gives recommendations for hardening systems against this type of attack.
Check Point sees even more dangers from China
Such attacks, attributable to China, are nothing new to Check Point's experts. Chinese APT (Advanced Persistent Threat) groups such as Volt Typhoon are known for their sophisticated espionage campaigns. They mostly want to gather strategic information, cause disruption, or establish a foothold in a system so as to be ready for future operations.
For example, Check Point has observed several similar attacks against foreign ministries and embassies of European countries over the past few months, which could be traced back to a state-backed Chinese actor. The malware, called Camaro Dragon, shows similarities to a well-known Chinese actor called Mustang Panda.
In the course of this security research, Check Point also found a dangerous vulnerability in the popular TP-Link routers, exploited to install a backdoor called Horse Shell. It gives the attacker persistent access to the router and thus to the network behind it, allowing them to covertly build attacker-controlled IT infrastructure and to enable lateral movement.
One of Check Point's most important conclusions: the US is not the only target of Chinese cyber espionage attacks. Several campaigns against EU member states have been observed (and reported on), as well as campaigns against the Russian defense industry and against states in South-East Asia.
More at Microsoft.com
About Microsoft Germany
Microsoft Deutschland GmbH was founded in 1983 as the German subsidiary of Microsoft Corporation (Redmond, USA). Microsoft is committed to empowering every person and every company in the world to achieve more. This challenge can only be mastered together, which is why diversity and inclusion have been firmly anchored in the corporate culture from the very beginning. As the world's leading manufacturer of productivity software and modern services in the age of the intelligent cloud and intelligent edge, as well as a developer of innovative hardware, Microsoft sees itself as a partner to its customers, helping them benefit from the digital transformation. Security and data protection have top priority in the development of its solutions. As the world's largest contributor, Microsoft drives open source technology through its leading developer platform GitHub. With LinkedIn, the largest career network, Microsoft promotes professional networking worldwide.