Volt Typhoon : Cyber Hack
Microsoft has uncovered stealthy and targeted malicious activity, focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.
- The Volt Typhoon is an alleged hacking group that mainly specializes in espionage and information gathering.
- It is believed that the group is backed by China.
- Volt Typhoon so far appears to be focused on stealing information from “organizations that hold data that relates to the military or government in the United States.
- Microsoft and other researchers pointed out that Volt Typhoon was a quiet operator that hid its traffic by routing it through hacked network equipment like home routers and expunged evidence of intrusions from victim’s logs.
- Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
- Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.
- Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware.