China's Volt Typhoon spies broke into emergency network of 'large' US city
The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications providers as well.
On the other hand, you may expect China by now to be all over US infrastructure just as much as Uncle Sam's NSA and CIA are probably all over Chinese networks.
In one of the instances where Volt Typhoon compromised a US electric company, the spies had been on the organization's IT network for "well over 300 days" before being spotted, according to Dragos' Lee.
While they weren't able to infiltrate the operational technology, or OT, network, Volt Typhoon did manage to steal geographic information systems data, "things that would be useful in future disruptive attacks," Lee noted.
Some of the devices and software the Chinese spies have compromised include Fortinet FortiGuard, PRTG Network Monitor appliances, ManageEngine ADSelfService Plus, FatPipe WARP, Ivanti Connect Secure VPN, and Cisco ASA, according to the Dragos report.
After gaining access to victims' IT networks, usually by exploiting buggy routers or VPN gateways, they use "living off the land" techniques and stolen credentials to move laterally through the network.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/02/14/volt_typhoon_emergency_network/