CrackitToday App

Volt Typhoon

Volt Typhoon:

The United States government recently shut down a major China-backed hacking group dubbed “Volt Typhoon” that attacked hundreds of routers and had been working to compromise U.S. cyber infrastructure.

  • Volt Typhoon is a state-sponsored hacking group based in China that has been active since at least 2021.
  • The group typically focuses on espionage and information gathering.
  • It has targeted critical infrastructure organisations in the US, including Guam.
  • To achieve their objective, the threat actor puts a strong emphasis on stealth, relying almost exclusively on living-off-the-land techniquesand hands-on-keyboard activity.
  • The recurring attack pattern of the Volt Typhoon begins with initial access via exploitation of public-facing devices or services.
  • Volt Typhoon employs the comparatively uncommon practice of leveraging preinstalled utilities for most of their victim interactions.
  • Compromised small office/home office (SOHO) devices are used by the attackers to proxy communications to and from the affected networks.
  • They issue commands via the command line to (1) collect data, including credentials from local and network systems: (2) put the data into an archive file to stage it for exfiltration: and then (3) use the stolen valid credentials to maintain persistence.
  • Volt Typhoon was a particularly quiet operator that hid its traffic by routing it through hacked network equipment, like home routers, and carefully expunging evidence of intrusions from the victim’s logs.