Volt Typhoon
TLP
TLP CLEAR
Author
Jordi M. Lobo
Summary
Microsoft has uncovered a stealthy and targeted malicious campaign led by Volt Typhoon, a state-sponsored actor from China, with a focus on post-compromise credential access and network system discovery. Their primary targets are critical infrastructure organizations in the United States, including sectors such as communications, manufacturing, utility, transportation, construction, government, and more. The threat actor’s goal is to perform espionage, maintaining undetected access, and potentially disrupt critical communications infrastructure between the United States and Asia during future crises. This campaign relies heavily on living-off-the-land techniques, stolen credentials, and custom tools to avoid detection. Microsoft is raising awareness and sharing mitigation steps to protect organizations from these stealthy attacks, emphasizing the need to close or change compromised accounts.
TIMELINE
DATA
We are providing data for attacks weekly hoping to contribute raising awareness to threats from their data.
CATEGORY
Malware
references
- https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
- https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
- https://www.microsoft.com/en-us/security/blog/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/