China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected
A stealthy China-based group managed to establish a persistent foothold in critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday.
The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.
The main goal is to sidestep detection by blending in with normal Windows system and network activity, indicating that the threat actor is deliberately keeping a low profile to gain access to sensitive information.
"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware," Microsoft said.
Another unusual piece of tradecraft is the use of custom versions of open source tools to establish a command-and-control channel over a proxy, as well as the use of other organizations' compromised servers in its C2 proxy network to hide the source of the attacks.
Secureworks, which is monitoring the threat group under the name Bronze Silhouette, said it has "demonstrated careful consideration for operational security and reliance on compromised infrastructure to prevent detection and attribution of its intrusion activity."
News URL
https://thehackernews.com/2023/05/chinas-stealthy-hackers-infiltrate-us.html
Related news
- Hackers target critical zero-day vulnerability in PTZ cameras
- China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait
- China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
- Volunteer DEF CON hackers dive into America's leaky water infrastructure
- Hackers exploit critical bug in Array Networks SSL VPN products
- New IOCONTROL malware used in critical infrastructure attacks
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools