China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
2023-05-25 08:28

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday.

The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.

The main goal is to sidestep detection by blending in with normal Windows system and network activity, indicating that the threat actor is deliberately keeping a low profile to gain access to sensitive information.

"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware," Microsoft said.

Another unusual piece of tradecraft is the use of custom versions of open source tools to establish a command-and-control (C2) channel over a proxy, together with the use of other organizations' compromised servers in its C2 proxy network to hide the source of the attacks.

Secureworks, which is monitoring the threat group under the name Bronze Silhouette, said it has "demonstrated careful consideration for operational security and reliance on compromised infrastructure to prevent detection and attribution of its intrusion activity."


News URL

https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html