Microsoft (NASDAQ:MSFT) has disclosed a stealthy cyber-attack campaign aimed at critical infrastructure organisations in the United States, with potential fallout expected worldwide.
The activity, attributed to a Chinese state-sponsored actor that Microsoft tracks as Volt Typhoon, has raised concerns because Microsoft assesses that the actor is developing capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.
This news comes as a wake-up call for the nation’s cybersecurity and underscores the need for heightened vigilance and protective measures.
In a joint advisory, the United States and its international partners, including the Australian Cyber Security Centre (part of the Australian Signals Directorate), warned that networks across U.S. critical infrastructure are affected and that other sectors worldwide could be targeted by the same actor.
"Today we released a joint advisory with international partners on activity linked to a People's Republic of China state-sponsored cyber actor. Networks across U.S. critical infrastructure are affected; other sectors worldwide could be targeted. Read more https://t.co/431byLP4Mb" (Australian Cyber Security Centre, @CyberGovAU, May 24, 2023)
Living-off-the-land technique
Volt Typhoon, known for its focus on espionage and information gathering, has been operating since mid-2021.
The campaign has primarily targeted critical infrastructure organisations in Guam and elsewhere in the United States, affecting the communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education sectors.
The objective is covert espionage combined with long-term, undetected access to the victim networks.
To achieve this, Volt Typhoon prioritises stealth and evasion over speed or custom tooling.
The operators rely heavily on living-off-the-land (LotL) techniques: rather than dropping malware that a signature-based product could flag, they work hands-on-keyboard with the command-line and administration tools already present on the compromised Windows systems, so that their discovery, credential access and proxying activity looks much like routine administrator behaviour and leaves few artefacts for defenders to find.
"Volt Typhoon, a Chinese state-sponsored actor, uses living-off-the-land (LotL) and hands-on-keyboard TTPs to evade detection and persist in an espionage campaign targeting critical infrastructure organizations in Guam and the rest of the United States. https://t.co/FZxjfiA0Hw" (Microsoft Threat Intelligence, @MsftSecIntel, May 24, 2023)
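As an added illustration of the detection problem that living-off-the-land activity creates (this is not code from Microsoft, from the joint advisory, or from this page), the script below runs a small watchlist of built-in Windows administration tools over process-creation events and alerts only when a single account chains several of them. The watchlist, the ATT&CK technique mappings, the threshold and the sample events are assumptions made for the example, not indicators published for this campaign; the events are constructed and are not real telemetry.

```python
"""Toy living-off-the-land (LotL) detector over Windows process-creation events.

Added example: the watchlist below is a generic set of built-in Windows tools
that are frequently abused for LotL activity, chosen for illustration. It is
not the indicator set published for Volt Typhoon.
"""
import re
from collections import defaultdict

# (ATT&CK technique id, description, command-line pattern). Assumed mappings.
WATCHLIST = [
    ("T1047", "WMIC enumeration of the local host",
     re.compile(r"\bwmic\b.*\bget\b", re.I)),
    ("T1090.001", "netsh portproxy rule added (internal proxy)",
     re.compile(r"\bnetsh\s+interface\s+portproxy\s+add\b", re.I)),
    ("T1003.003", "ntdsutil IFM export of the AD database",
     re.compile(r"\bntdsutil\b.*\bifm\b", re.I)),
    ("T1059.001", "PowerShell launched with an encoded command",
     re.compile(r"\bpowershell\b.*\s-(?:e|enc|encodedcommand)\b", re.I)),
]

# Constructed sample events in a simplified Sysmon Event ID 1 shape
# (only the fields the rules need). Not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice", "parent": "explorer.exe",
     "cmdline": "notepad.exe report.txt"},
    {"host": "srv02", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "cmdline": "wmic path win32_logicaldisk get caption,filesystem,freespace,size,volumename"},
    {"host": "srv02", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenport=9999 "
                "connectaddress=10.0.0.5 connectport=3389"},
    {"host": "dc01", "user": "CORP\\svc_backup", "parent": "cmd.exe",
     "cmdline": 'ntdsutil "ac i ntds" ifm "create full C:\\Windows\\Temp\\pro" q q'},
    {"host": "ws01", "user": "CORP\\alice", "parent": "outlook.exe",
     "cmdline": "powershell -nop -w hidden -enc SQBFAFgA"},
]


def match_event(event):
    """Return the (technique, description) pairs whose pattern matches the command line."""
    return [(tid, desc) for tid, desc, pat in WATCHLIST if pat.search(event["cmdline"])]


def scan(events):
    """Return one hit record per (event, matching rule) pair, in event order."""
    hits = []
    for ev in events:
        for tid, desc in match_event(ev):
            hits.append({"host": ev["host"], "user": ev["user"], "technique": tid,
                         "description": desc, "cmdline": ev["cmdline"]})
    return hits


def suspicious_accounts(hits, min_techniques=2):
    """Map each account to the set of distinct techniques it used, keeping only
    accounts at or above the threshold. A single hit is usually an administrator
    doing their job; the combination across hosts is the LotL signal."""
    per_user = defaultdict(set)
    for h in hits:
        per_user[h["user"]].add(h["technique"])
    return {user: techs for user, techs in per_user.items() if len(techs) >= min_techniques}


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for h in found:
        print(f"{h['host']} {h['user']} {h['technique']} {h['description']}: {h['cmdline']}")
    for user, techs in suspicious_accounts(found).items():
        print(f"ALERT {user}: {len(techs)} distinct LotL techniques {sorted(techs)}")
```

Run as a script it prints the four individual hits and a single alert for the service account that enumerated a host, added a port-proxy rule and exported the directory database across two machines, while the workstation user with one encoded PowerShell launch stays below the threshold. The design point is that every one of these commands is legitimate on its own, which is exactly why LotL evades signature-based tooling; the detection value comes from correlating several low-signal events per account or host, baselining which accounts normally run such tools, and treating a new port-proxy rule or an ntds.dit export as an event that always deserves analyst review regardless of the score.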