Five Eyes and Microsoft accuse China of attacking US infrastructure again (Security News, May 2023)
China has attacked critical infrastructure organizations in the US using a "Living off the land" attack that hides offensive action among everyday Windows admin activity.
The attack was spotted by Microsoft and acknowledged by intelligence and infosec agencies from the Five Eyes nations - Australia, Canada, New Zealand, the UK and the US. A joint cyber security advisory [PDF] from ten agencies describes "a recently discovered cluster of activity of interest associated with a People's Republic of China state-sponsored cyber actor, also known as Volt Typhoon."
"Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open source tools to establish a command and control channel over proxy to further stay under the radar," Microsoft suggests.
The Five Eyes advisory points out that Windows' own built-in administration tooling is what makes this living-off-the-land activity possible.
News of Volt Typhoon's alleged activities adds to the many allegations that China runs crews dedicated to attacking foreign governments and businesses.
The US claims China is its most prolific online foe and employs 50 attackers for every stateside defender.
News URL: https://go.theregister.com/feed/www.theregister.com/2023/05/25/china_volt_typhoon_attacks/
Related news
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers
- US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products
- US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
- Microsoft breach allowed Russian spies to steal emails from US government
- America's enemies targeting US critical infrastructure should be 'wake-up call'