Chinese State Hackers Launch Covert Operations Targeting Critical Infrastructure in the US and Guam

by Sneha Singh
May 26, 2023
in Tech
Reading Time: 3 mins read

On Wednesday, Microsoft and government agencies from the US and four other nations disclosed that a Chinese government-backed hacking group has established a significant presence within critical infrastructure systems across the US and Guam. Operating under the name Volt Typhoon, the group has conducted covert operations focused on espionage and acquiring sensitive information for the People’s Republic of China over the past two years.

To maintain their stealthy operations, the hackers have employed a technique called “living off the land,” utilizing existing tools and functionalities already on compromised devices. By manually controlling these infected systems rather than relying on automated processes, the hackers have managed to evade detection for an extended period. The severity of the situation prompted Microsoft, alongside the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK), to issue a joint advisory detailing the campaign.

The revelation of this successful infiltration raises concerns about the extent of espionage activities carried out by state-sponsored hacking groups, highlighting the ongoing importance of robust cybersecurity measures within critical infrastructure sectors.

Sophisticated Use of Compromised Routers to Mask Communications Origins

In addition to employing the living-off-the-land technique, the hackers took further steps to conceal their actions by utilizing compromised home and small-office routers as intermediary infrastructure. This strategy allowed them to establish communications between infected computers and appear as if the transmissions were originating from local internet service providers (ISPs) in specific geographic areas. The researchers highlighted this aspect in Microsoft’s advisory, emphasizing the sophisticated methods employed by the hacking group to obfuscate their activities.


Microsoft’s advisory researchers wrote, “To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using customized versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.”
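As an added, defender-side illustration (not code from the article or from Microsoft’s advisory): the sequence the quote describes, credential collection with tools already on the host followed by packing the results into an archive for staging, can be correlated from process-creation logs. The tool names matched below and the sample log events are constructed assumptions for the example, not indicators taken from the page.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation events: (host, ISO timestamp, command line).
EVENTS = [
    ("fs01", "2023-05-10T02:14:05", r'cmd.exe /c ntdsutil.exe "ac i ntds" ifm "create full C:\Windows\Temp\pro" q q'),
    ("fs01", "2023-05-10T02:19:40", r"7z.exe a -pStage1 C:\Windows\Temp\pro.7z C:\Windows\Temp\pro"),
    ("ws22", "2023-05-10T09:01:00", r"7z.exe a Q2-report.zip C:\Users\jdoe\Reports"),   # benign archiving
    ("dc01", "2023-05-10T10:30:00", r"reg.exe save HKLM\SAM C:\Windows\Temp\sam.save"),
    ("dc01", "2023-05-10T12:00:00", r"tar.exe -cf C:\Windows\Temp\sam.tar C:\Windows\Temp\sam.save"),  # 90 min later
]

# Assumed illustrative list of built-in tools that read credential material.
CRED_ACCESS = [
    re.compile(r"\bntdsutil(\.exe)?\b", re.I),
    re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|security|system)\b", re.I),
    re.compile(r"\bvssadmin(\.exe)?\s+create\s+shadow", re.I),
]
# Assumed illustrative list of archivers used to stage collected data.
ARCHIVE = [
    re.compile(r"\b(7z|7za|rar|winrar|tar|makecab)(\.exe)?\s+", re.I),
    re.compile(r"\bcompress-archive\b", re.I),
]
WINDOW = timedelta(minutes=30)  # how long after credential access an archive step still counts

def classify(cmdline):
    """Label a command line as 'cred_access', 'archive', or None."""
    if any(p.search(cmdline) for p in CRED_ACCESS):
        return "cred_access"
    if any(p.search(cmdline) for p in ARCHIVE):
        return "archive"
    return None

def correlate(events, window=WINDOW):
    """Return (host, cred_time, archive_time) for every archive step that follows
    a credential-access step on the same host within `window`."""
    alerts, seen = [], {}
    for host, ts, cmd in sorted(events, key=lambda e: e[1]):
        kind = classify(cmd)
        if kind is None:
            continue
        t = datetime.fromisoformat(ts)
        recent = seen.setdefault(host, [])
        if kind == "cred_access":
            recent.append(t)
        else:
            alerts.extend((host, c.isoformat(), ts) for c in recent if timedelta(0) <= t - c <= window)
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print("staging after credential access:", alert)
```

Either step on its own is routine administration on many hosts; the pairing on one host inside a short window is what separates the campaign's pattern from backup jobs and report zipping.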

According to Microsoft researchers, the Volt Typhoon campaign aims to develop capabilities that could potentially disrupt critical communications infrastructure between the United States and the Asia region in future crises. The strategic importance of Guam, with its Pacific ports and air base, has made it a focal point as tensions surrounding Taiwan continue to simmer.

The Exploitation of Fortinet FortiGuard Devices and Compromised Routers as Key Entry Points

The initial entry point for the hackers involves exploiting vulnerabilities in Internet-facing Fortinet FortiGuard devices, which have become a common target for network infections in recent years. Neglected patches on these devices allow hackers to extract credentials from a network’s Active Directory. This directory stores sensitive information such as usernames, password hashes, and other crucial data for all user accounts. The compromised credentials are then utilized to infect other devices within the network.

Volt Typhoon uses compromised small-office/home-office (SOHO) network edge devices, including routers, to obfuscate its activity, proxying all network traffic towards its targets through these devices so that the attacks appear to come from them. Microsoft’s advisory also notes that devices from several well-known manufacturers, such as ASUS, Cisco, D-Link, NETGEAR, and Zyxel, may expose HTTP or SSH management interfaces to the internet, providing potential points of entry for the hackers.

The remainder of the advisory primarily focuses on providing indicators of compromise that network administrators can use to determine whether their networks have been infected. These indicators serve as valuable insights to aid in detecting and mitigating the Volt Typhoon campaign.

Numerous industries have been affected by the Volt Typhoon campaign, including the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The advisories offer comprehensive guidance for cleaning up compromised networks in these industries, helping affected organizations identify and remove the Volt Typhoon hackers from their networks and restore network security and integrity.
