The Cyber Express
Chinese Espionage Operation ‘Volt Typhoon’ Targets US Critical Infrastructure

The group, which has been active since mid-2021, has conducted several cyber attacks targeting critical infrastructure organizations in Guam and networks across the United States

by Vishwa Pandagle
May 25, 2023
in Espionage, Firewall Daily

Volt Typhoon, a state-sponsored Chinese espionage actor, has infiltrated US infrastructure networks, warned a joint Cybersecurity Advisory (CSA) issued by the United States and its allies. China, however, has rejected the claim, calling the advisory a “collective disinformation campaign”.

The Chinese espionage group, which has been active since mid-2021, has conducted several cyber attacks targeting critical infrastructure organizations in Guam and networks across the United States, noted a Microsoft security report.


The Volt Typhoon campaign, whose main focus is information gathering and espionage, is also refining its capabilities to a point where it could gravely impact the communications infrastructure between Asia and the United States.

The joint advisory aims to alert organizations to the activities and techniques used by the state-sponsored Chinese hackers, and notes that the same techniques could be applied against networks worldwide.

The authoring agencies of the joint advisory include the United States NSA, CISA, FBI, Australia’s ACSC, Canada’s CCCS, New Zealand’s NCSC-NZ, and the United Kingdom’s NCSC-UK.

Chinese cyber espionage detected by security researchers

Volt Typhoon, which Secureworks Counter Threat Unit (CTU) researchers track as ‘BRONZE SILHOUETTE’, has carefully run its operations to blend in with legitimate network activity and stay undetected, noted a report published by the cybersecurity company.

“Think of a spy going undercover, their goal is to blend in and go unnoticed. This is exactly what Bronze Silhouette does by mimicking usual network activity,” said Marc Burnard, Senior Consultant, Information Security Research and China thematic lead, Secureworks.

“This suggests a level of operational maturity and adherence to a modus operandi that is engineered to reduce the likelihood of the detection and attribution of the group’s intrusion activity.”

Burnard added that China is known to be “highly skilled in cyber espionage”.

Recently, a series of high-profile U.S. Department of Justice indictments of Chinese nationals allegedly involved in cyberespionage activity, along with public exposures of such activity by security vendors, have attributed it to the Chinese government.

According to Burnard, this might have resulted in increased pressure from leadership within the People’s Republic of China to avoid public scrutiny of its cyberespionage activity.

Activities of Volt Typhoon by the PRC: The LotL way

Volt Typhoon follows the living off the land (LotL) approach: rather than deploying custom malware, it relies on fileless techniques and the legitimate binaries already present on the system (so-called LOLBins) to carry out its attacks.

This allowed Volt Typhoon to evade detection effectively and to blend in with legitimate user activity for most of the intrusion.

[Figure: Attack mechanism of Volt Typhoon (Photo: Microsoft)]

“The actor has leveraged compromised small office/home office (SOHO) network devices as intermediate infrastructure to obscure their activity by having much of the command and control (C2) traffic emanate from local ISPs in the geographic area of the victim,” the advisory noted.

Tools used by Volt Typhoon

Addressing the techniques used by Volt Typhoon, the advisory said, “The actor has used Earthworm and a custom Fast Reverse Proxy (FRP) client with hardcoded C2 callbacks [T1090] to ports 8080, 8443, 8043, 8000, and 10443.” The group has used various file names for this tooling, including isco_up.exe, cl64.exe, vm3dservice.exe, watchdogd.exe, Win.exe, WmiPreSV.exe, and WmiPrvSE.exe.

The commands used for these activities did not require administrative credentials to return results.

The actors used a Windows Management Instrumentation Command-line (WMIC) query to gather storage information on the local host: drive letter, file system, free space, size, and volume name.

The command used by the threat actors: cmd.exe /C "wmic path win32_logicaldisk get caption,filesystem,freespace,size,volumename"

Zero-Trust model advised

As a precaution, the advisory on the PRC’s Volt Typhoon group urged small office and home office users to ensure that the management interfaces of their network devices are not exposed to the internet.

This prevents unauthorized access and keeps the devices from being repurposed as redirectors for attacker traffic. Adopting the zero-trust principle for access management was also suggested.

Elaborating on the state of compromise of the domain, the advisory wrote, “If an actor can exfiltrate the ntds.dit and SYSTEM registry hive, the entire domain should be considered compromised, as the actor will generally be able to crack the password hashes for domain user accounts, create their own accounts, and/or join unauthorized systems to the domain.”

Users were also urged to restrict port proxy usage to a limited time window, so that Volt Typhoon and similar groups cannot use port proxies to create backdoors and bypass firewall policies.

Volt Typhoon’s whereabouts

Active since mid-2021, Volt Typhoon is based in China and conducts espionage against its targets. “Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” a Microsoft report read.

The group’s targets include, but are not limited to, critical infrastructure in Guam and elsewhere in the United States. It has also attacked organizations in the government, communications, utility, manufacturing, construction, maritime, and education sectors, among others.

Summing up the attack vector of Volt Typhoon, the Microsoft report stated that the group gains initial access to organizations via internet-facing Fortinet FortiGuard devices. It then extracts credentials for further misuse and rarely uses malware in its post-compromise activities.

The group was often found using the command-line tool Ntdsutil.exe to create installation media from domain controllers, the kind of media used to set up new domain controllers.
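The indicators quoted above (the WMIC logical-disk query, the proxy tooling file names and hardcoded callback ports from the advisory, and Ntdsutil.exe activity on domain controllers from the Microsoft report) can be turned into a small triage rule set. The following Python script is an added example, not code from the advisory, Microsoft or Secureworks; it runs over constructed process-creation events, and the field names (host, role, image, command_line, dest_port) are assumptions about the log format.

```python
"""Triage of Volt Typhoon-style living-off-the-land indicators.

Added example for this article: the indicators come from the joint
advisory (WMIC logical-disk query, proxy binary file names, hard-coded
C2 callback ports) and the Microsoft report (Ntdsutil.exe on domain
controllers). Event field names are assumptions about the log format.
"""
import re

# File names the advisory lists for the Earthworm / FRP proxy tooling.
# WmiPrvSE.exe is left out: it is also a legitimate Windows process, so
# the name alone is not a useful signal without path context.
SUSPECT_IMAGES = {
    "isco_up.exe", "cl64.exe", "vm3dservice.exe",
    "watchdogd.exe", "win.exe", "wmipresv.exe",
}
# Hard-coded C2 callback ports quoted in the advisory.
C2_PORTS = {8080, 8443, 8043, 8000, 10443}

# Matches the wmic path win32_logicaldisk get ... query quoted above.
WMIC_DISK_RE = re.compile(r"wmic\s+path\s+win32_logicaldisk\s+get\b",
                          re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path such as C:\\dir\\tool.exe."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the list of triage labels that apply to one process event.

    A hit is a lead for an analyst, not a verdict: several of these
    file names are also used by legitimate software.
    """
    image = basename(event.get("image", ""))
    cmdline = event.get("command_line", "")
    labels = []
    if image in SUSPECT_IMAGES:
        labels.append("advisory-file-name")
        # Advisory file name plus a callback to one of the hard-coded ports.
        if event.get("dest_port") in C2_PORTS:
            labels.append("proxy-callback-port")
    if WMIC_DISK_RE.search(cmdline):
        labels.append("wmic-logicaldisk-recon")
    # "role" is an assumed asset-inventory field marking domain controllers.
    if image == "ntdsutil.exe" and event.get("role") == "domain-controller":
        labels.append("ntdsutil-on-domain-controller")
    return labels


def triage(events):
    """Run classify() over a batch; return (host, image, labels) per hit."""
    hits = []
    for ev in events:
        labels = classify(ev)
        if labels:
            hits.append((ev["host"], basename(ev["image"]), labels))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": 'cmd.exe /C "wmic path win32_logicaldisk get '
                     'caption,filesystem,freespace,size,volumename"'},
    {"host": "ws01", "image": r"C:\Users\Public\cl64.exe",
     "command_line": "cl64.exe", "dest_port": 8443},
    {"host": "dc01", "role": "domain-controller",
     "image": r"C:\Windows\System32\ntdsutil.exe",
     "command_line": "ntdsutil.exe"},
    {"host": "ws02", "image": r"C:\Windows\System32\svchost.exe",
     "command_line": "svchost.exe -k netsvcs", "dest_port": 443},
]

if __name__ == "__main__":
    for host, image, labels in triage(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(labels)}")
```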

China Denies Involvement, Rejects Spying Accusations

Reacting to the cybersecurity advisory issued by the US and its allies, the Chinese government rejected the spying accusations, stating that the warning was a “collective disinformation campaign” against the country, Reuters reported.

Refuting the claims, Chinese foreign ministry spokesperson Mao Ning said that the United States was the “empire of hacking” and that the report was intended to promote ‘the Five Eyes’, the surveillance alliance between the United States, the United Kingdom, Canada, Australia and New Zealand, the report added.

Response from the team of United States Cyber Defense Agencies

Addressing Chinese threat actors targeting the United States, Jen Easterly, Director of CISA, said, “For years, China has conducted aggressive cyber operations to steal intellectual property and sensitive data from organizations around the globe. Today’s advisory highlights China’s continued use of sophisticated means to target our nation’s critical infrastructure, and it gives network defenders important insights into how to detect and mitigate this malicious activity.”

“We encourage all organizations to review the advisory, take action to mitigate risk, and report any evidence of anomalous activity. We must work together to ensure the security and resilience of our critical infrastructure,” Easterly concluded.

[Image: Volt Typhoon (courtesy: CISA)]

Another CISA advisory about Chinese infiltration and attacks aimed at the United States and other nations stated that China is currently the most active cyber espionage threat. “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems,” the advisory read.

Mitigation help offered by Microsoft

Microsoft urged affected users to change their passwords and other login credentials immediately to prevent further misuse of their accounts and access. Multi-factor authentication is also recommended as a defense against Volt Typhoon attacks.

Turning on cloud-delivered protection in Microsoft Defender Antivirus can significantly improve security. Running endpoint detection and response (EDR) in block mode was also encouraged, so that Microsoft Defender can block malicious artifacts even when other antivirus tools on the system are inactive.

Vishwa Pandagle

Vishwa Pandagle is a Technical Writer at The Cyber Express. She writes cybersecurity news related to data breaches, ransomware, phishing, and best practices among others. She also writes about cybersecurity developments and likes interacting with experts in this field. When not working, she likes self-reflecting, meditating, volunteering, and going for long walks.
