China's Volt Typhoon spies broke into emergency network of 'large' US city

The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications providers as well.
On the other hand, you may expect China by now to be all over US infrastructure just as much as Uncle Sam's NSA and CIA are probably all over Chinese networks.
In one of the instances where Volt Typhoon compromised a US electric company, the spies had been on the organization's IT network for "well over 300 days" before being spotted, according to Dragos' Lee.
While they weren't able to infiltrate the operational technology, or OT, network, Volt Typhoon did manage to steal geographic information systems data, "things that would be useful in future disruptive attacks," Lee noted.
Some of the devices and software the Chinese spies have compromised include Fortinet FortiGuard, PRTG Network Monitor appliances, ManageEngine ADSelfService Plus, FatPipe WARP, Ivanti Connect Secure VPN, and Cisco ASA, according to the Dragos report.
After gaining access to victims' IT networks, usually by exploiting buggy routers or VPN gateways, they use "living off the land" techniques and stolen credentials to move laterally through the network.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/02/14/volt_typhoon_emergency_network/