Five Eyes and Microsoft accuse China of attacking US infrastructure again

China has attacked critical infrastructure organizations in the US using a "living off the land" attack that hides offensive action among everyday Windows admin activity.
The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."
"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open source tools to establish a command and control channel over proxy to further stay under the radar," Microsoft suggests.
The Five Eyes advisory points out that Windows makes these activities possible.
News of Volt Typhoon's alleged activities adds to the many allegations that China runs crews dedicated to attacking foreign governments and businesses.
The US claims China is its most prolific online foe and employs 50 attackers for every stateside defender.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/25/china_volt_typhoon_attacks/