Conservative News Daily

China-backed hackers target US infrastructure, use ‘Living Off the Land’ tactic to avoid detection.

Chinese Hacker Targets American Infrastructure, Warns Microsoft and Government Agencies

“Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” is behind the attacks.

Microsoft and federal agencies have issued an alert warning against a Chinese hacker targeting American infrastructure. According to the alert, the hacker, known as Volt Typhoon, is a state-sponsored actor based in China that typically focuses on espionage and information gathering. The hacker has been found to be engaged in “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.”

Long-Range, Deadly Purpose

The Microsoft advisory warns that Volt Typhoon has a long-range, deadly purpose. The company assesses with moderate confidence that this campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises. The Department of Defense has also issued an alert, stating that Volt Typhoon uses built-in network administration tools to perform their objectives, allowing the actor to evade detection by blending in with normal Windows system and network activities.

Small Home and Office Networks are Vulnerable

The advisory warns that small home and office networks are among the most vulnerable. Anyone responsible for the security of one of these networks must ensure that network management interfaces are not exposed to the Internet to avoid them being re-purposed as redirectors by malicious actors. If they must be exposed to the Internet, device owners and operators should ensure they follow zero trust principles and maintain the highest level of authentication and access controls possible.

Joint Advisory Issued by International Partners

The advisory was jointly issued by the NSA, CISA, FBI, Australian Cyber Security Centre, Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre. Jen Easterly, Cybersecurity and Infrastructure Security Agency director, said, “Today’s advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure. This joint advisory will give network defenders more insights into how to detect and mitigate this malicious activity.”

Stay vigilant and follow the recommended security measures to protect your network from malicious actors.

  • Ensure network management interfaces are not exposed to the Internet
  • Follow zero trust principles
  • Maintain the highest level of authentication and access controls possible

Source: The Western Journal

"Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
