Chinese hackers controlled critical US infrastructure for 5 years

Teacher
Volt Typhoon was preparing the ground for sabotage, according to the special services.

According to a joint alert issued on February 7 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), the Chinese hacking group Volt Typhoon, also known as Bronze Silhouette, Insidious Taurus, UNC3236, Vanguard Panda, or Voltzite, has been infiltrating some of the country's critical infrastructure networks for at least five years.

The attackers targeted communications, energy, transportation, and water and sewer systems in the United States and Guam. The hackers' activities did not match the traditional goals of cyber espionage and data collection. With a high degree of confidence, the agencies state that Volt Typhoon was preparing the ground for possible sabotage.

One of Volt Typhoon's distinctive tactics is the use of proxy infrastructure to hide its true location: the hackers compromise routers and firewalls in the United States and route their malicious traffic through them.

The group's main goal is to maintain a long-term foothold in compromised networks. Over the past few years, they have methodically expanded their positions, periodically stealing credentials in order to access valid accounts. In addition, the hackers actively exploit vulnerabilities to escalate privileges and gain full control over domains.

According to a CrowdStrike report from last year, Volt Typhoon hackers conduct extensive preliminary reconnaissance to study the target organization and its environment. They then adapt their tools and techniques to the victim's specific infrastructure and devote significant resources to maintaining a covert presence.

It is worth noting that the group focuses on a narrow range of targets but prepares and conducts its attacks carefully. This methodical approach is confirmed by numerous cases of repeated intrusions into the same organizations in order to expand unauthorized access.

In addition to using stolen credentials, Volt Typhoon actively relies on living-off-the-land (LotL) techniques, abusing legitimate built-in tools and leaving no obvious traces of its presence. This makes the group even more difficult to detect.

"Such methods allow attackers to act covertly, disguising their activity as legitimate behavior of systems and networks. In such conditions, they are very difficult to detect, even for organizations with a developed level of cybersecurity," said the National Cyber Security Center of the UK.