Security News > 2023 > June > Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.
"The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land techniques for lateral movement," the cybersecurity company said.
Volt Typhoon, as known as Bronze Silhouette, is a cyber espionage group from China that's been linked to network intrusion operations against the U.S government, defense, and other critical infrastructure organizations.
Jspx, a web shell that's camouflaged as the legitimate identity security solution to sidestep detection.
The web shell is believed to have been deployed nearly six months before the aforementioned hands-on-keyboard activity, indicative of extensive prior recon of the target network.
"The use of a backdoored Apache Tomcat library is a previously undisclosed persistence TTP in use by Vanguard Panda," CrowdStrike said, noting with moderated confidence that the implant is used to "Enable persistent access to high-value targets downselected after the initial access phase of operations using then zero-day vulnerabilities."
News URL
https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html
Related news
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Cyber attacks on critical infrastructure show advanced tactics and new capabilities (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- Strengthening critical infrastructure cybersecurity is a balancing act (source)
- US critical infrastructure cyberattack reporting rules inch closer to reality (source)
- Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack (source)
- A “cascade” of errors let Chinese hackers into US government inboxes (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)