China's Volt Typhoon spies broke into emergency network of 'large' US city
2024-02-14 21:00

The Chinese government's Volt Typhoon spy team has apparently already compromised a large US city's emergency services network and has been spotted snooping around America's telecommunications providers as well.

On the other hand, you may expect China by now to be all over US infrastructure just as much as Uncle Sam's NSA and CIA are probably all over Chinese networks.

In one of the instances where Volt Typhoon compromised a US electric company, the spies had been on the organization's IT network for "well over 300 days" before being spotted, according to Dragos' Lee.

While they weren't able to infiltrate the operational technology, or OT, network, Volt Typhoon did manage to steal geographic information systems data, "things that would be useful in future disruptive attacks," Lee noted.

Some of the devices and software the Chinese spies have compromised include Fortinet FortiGuard, PRTG Network Monitor appliances, ManageEngine ADSelfService Plus, FatPipe WARP, Ivanti Connect Secure VPN, and Cisco ASA, according to the Dragos report.

After gaining access to victims' IT networks, usually by exploiting buggy routers or VPN gateways, they use "living off the land" techniques and stolen credentials to move laterally through the network.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/14/volt_typhoon_emergency_network/