Five Eyes and Microsoft accuse China of attacking US infrastructure again
Security News, May 2023
China has attacked critical infrastructure organizations in the US using "living off the land" techniques: rather than dropping malware, the intruders drive tools that already exist on Windows hosts, so their activity hides among everyday admin work.
The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."
"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open source tools to establish a command and control channel over proxy to further stay under the radar," Microsoft suggests.
The Five Eyes advisory points out that Windows itself makes these activities possible: the actor leans on built-in administration tools such as the command line, PowerShell, wmic, ntdsutil and netsh, so the commands look like ordinary sysadmin work and leave no malware for endpoint security to catch. Defenders are told to hunt in command-line and process-creation logs rather than waiting for an antivirus alert.
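Because the tooling is legitimate, the only usable signal is the argument string on the process-creation event. The script below is an added example for this page, not code from Microsoft or the advisory; it runs over constructed Security Event ID 4688 records (flattened to one pipe-separated line each, an assumed format) and flags argument patterns that turn benign binaries into credential dumping, relaying or remote execution. The sample events and rule regexes are illustrative assumptions, not indicators taken from any report.

```python
"""Flag living-off-the-land (LOTL) command lines in Windows process-creation
events. Added example, not code from Microsoft or the Five Eyes advisory.
Assumes Event ID 4688 records with command-line auditing enabled, flattened
to one pipe-separated line per event (a constructed format)."""
import re
from dataclasses import dataclass

# Constructed sample events: legitimate admin commands mixed with abuse of
# the same built-in tools. Only the command line tells the two apart.
SAMPLE_EVENTS = "\n".join([
    r'4688|host=DC01|user=svc_backup|parent=C:\Windows\System32\cmd.exe|cmd=ntdsutil.exe "ac i ntds" ifm "create full C:\Windows\Temp\dump" q q',
    r'4688|host=WS07|user=jsmith|parent=C:\Windows\explorer.exe|cmd=netsh interface show interface',
    r'4688|host=WS07|user=jsmith|parent=C:\Windows\System32\cmd.exe|cmd=netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=8443 connectaddress=10.0.0.5',
    r'4688|host=DC01|user=svc_backup|parent=C:\Windows\System32\cmd.exe|cmd=reg save hklm\sam C:\Windows\Temp\sam.hiv',
    r'4688|host=WS03|user=helpdesk|parent=C:\Windows\System32\cmd.exe|cmd=wmic /node:FS01 process call create "cmd.exe /c whoami > C:\Windows\Temp\o.txt"',
    r'4688|host=WS03|user=helpdesk|parent=C:\Windows\explorer.exe|cmd=wmic logicaldisk get caption,freespace',
])

# Hypothetical rules (assumptions for this example). Each matches a built-in
# tool only when its arguments indicate abuse, so routine use stays quiet.
RULES = [
    # ntdsutil's IFM snapshot copies NTDS.dit, i.e. every AD password hash.
    ("ntdsutil_ifm_dump", re.compile(r"\bntdsutil(\.exe)?\b.*\bifm\b", re.I)),
    # A portproxy entry turns the host into a TCP relay (the proxying the text describes).
    ("netsh_portproxy_add", re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I)),
    # Exporting SAM/SECURITY/SYSTEM hives yields local credential material.
    ("reg_save_credential_hive", re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|security|system)\b", re.I)),
    # wmic against a remote node spawning a process is lateral movement.
    ("wmic_remote_process_create", re.compile(r"\bwmic(\.exe)?\b.*/node:.*\bprocess\s+call\s+create\b", re.I)),
]


@dataclass
class ProcEvent:
    host: str
    user: str
    parent: str
    cmd: str


def parse_event(line: str):
    """Parse one flattened 4688 line; return None for anything else."""
    event_id, *fields = line.split("|")
    if event_id != "4688":
        return None
    kv = dict(f.split("=", 1) for f in fields)  # cmd may itself contain '='
    return ProcEvent(kv["host"], kv["user"], kv["parent"], kv["cmd"])


def detect(log_text: str):
    """Return (host, user, rule) for every command line matching a rule."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        for name, rx in RULES:
            if rx.search(ev.cmd):
                findings.append((ev.host, ev.user, name))
    return findings


def triage(findings):
    """Group hits per (host, user): an actor tripping several distinct
    rules is far more likely to be an intrusion than a lone admin command."""
    by_actor = {}
    for host, user, rule in findings:
        by_actor.setdefault((host, user), set()).add(rule)
    return {actor: sorted(rules) for actor, rules in by_actor.items()}


if __name__ == "__main__":
    for actor, rules in triage(detect(SAMPLE_EVENTS)).items():
        print(actor, rules)
```

Note that 4688 only carries the command line if "Include command line in process creation events" is enabled in Group Policy; without it, every rule above is blind. The benign lines (netsh interface show, wmic logicaldisk) deliberately produce no hit, which is the whole problem with LOTL: the binary name alone is never enough.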
News of Volt Typhoon's alleged activities adds to the many allegations that China runs crews dedicated to attacking foreign governments and businesses.
The US claims China is its most prolific online foe and employs 50 attackers for every stateside defender.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/25/china_volt_typhoon_attacks/
Related news
- China's Volt Typhoon reportedly breached Singtel in 'test-run' for US telecom attacks
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign'
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears
- Microsoft disrupts ONNX phishing-as-a-service infrastructure
- China has utterly pwned 'thousands and thousands' of devices at US telcos
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks