Microsoft has discovered that a state-sponsored hacking group based in China has been carrying out malicious activity to spy on critical infrastructure organizations in the US.
The group, known as Volt Typhoon, has been active since mid-2021 and focused on "espionage and information gathering." The aim of the group is to gain access to critical systems and then maintain access for as long as possible without detection. The organizations targeted by Volt span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
Microsoft admits detecting and mitigating Volt's infiltration of different systems "could be challenging" because the group uses a mix of living-off-the-land techniques (fileless malware) and valid accounts to steal information. Microsoft believes the aim of Volt's campaign is to develop capabilities that "could disrupt critical communications infrastructure between the United States and Asia region during future crises."
Microsoft's discovery of Volt's activity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a Cybersecurity Advisory, and it has been backed up by Dell-owned cybersecurity company Secureworks, which confirmed it has responded to multiple Volt Typhoon hacks. Secureworks points out that the hacking group is also known by the name Bronze Silhouette.
As Reuters reports, this is thought to be one of the largest known Chinese cyber-espionage campaigns targeted at the US, but it could extend beyond America. The National Security Agency (NSA) and Federal Bureau of Investigation (FBI) are working with
Read more on pcmag.com