Five Eyes and Microsoft accuse China of attacking US infrastructure again

China has attacked critical infrastructure organizations in the US using a "Living off the land" attack that hides offensive action among everyday Windows admin activity.
The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."
"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open source tools to establish a command and control channel over proxy to further stay under the radar," Microsoft suggests.
The Five Eyes advisory points out that Windows makes these activities possible.
News of Volt Typhoon's alleged activities adds to the many allegations that China runs crews dedicated to attacking foreign governments and businesses.
The US claims China is its most prolific online foe and employs 50 attackers for every stateside defender.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/25/china_volt_typhoon_attacks/
Related news
- China reportedly admitted directing cyberattacks on US infrastructure (source)
- Ex-Meta exec tells Senate Zuck dangled US citizen data in bid to enter China (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- China now America's number one cyber threat – US must get up to speed (source)
- Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)