Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks (Security News, June 2023)

The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.
"The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land techniques for lateral movement," CrowdStrike said.
Volt Typhoon, also known as Bronze Silhouette and tracked by CrowdStrike as Vanguard Panda, is a cyber espionage group from China that has been linked to network intrusion operations against the U.S. government, defense, and other critical infrastructure organizations.
Jspx, a web shell that's camouflaged as the legitimate identity security solution to sidestep detection.
The web shell is believed to have been deployed nearly six months before the aforementioned hands-on-keyboard activity, indicative of extensive prior recon of the target network.
"The use of a backdoored Apache Tomcat library is a previously undisclosed persistence TTP in use by Vanguard Panda," CrowdStrike said, noting with moderate confidence that the implant is used to "enable persistent access to high-value targets downselected after the initial access phase of operations using then zero-day vulnerabilities."
Source article: https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html