Microsoft claims Chinese hackers are targeting critical US infrastructure
Buzz News
Cybersecurity researchers at Microsoft say they have uncovered a state-sponsored hacking group from China that has been actively targeting critical infrastructure organizations in the United States for the past two years.
The researchers claim that the group, which Microsoft calls Volt Typhoon, is focused on espionage and information gathering, with the goal of developing capabilities that could disrupt critical communications infrastructure between the United States and Asia during future crises.
The US and China currently disagree over the future of Taiwan, with some media outlets even claiming that China is preparing for a full-scale invasion of the island. US President Joe Biden has said on several occasions that the US is prepared to defend Taiwan with military force if necessary.
Abusing zero-days
Taiwan is, among other things, one of the world’s largest manufacturers of semiconductors.
Microsoft claims that since mid-2021 the group has been actively targeting organizations in Guam and elsewhere in the US in industries such as communications, manufacturing, utilities, transportation, construction, maritime, government, information technology and education.
Guam is an unincorporated territory of the United States in the Micronesia subregion of the western Pacific Ocean, relatively close to Taiwan.
Microsoft says that in order to achieve its goal of spying and gathering intelligence while remaining as stealthy as possible, the group relied on specific tactics, including living-off-the-land techniques (using tools already present on the victim's systems rather than custom malware) and hands-on-keyboard activity.
Among other things, the group stole login credentials from local and network systems, and attempted to exfiltrate sensitive data by quietly blending it into normal network traffic. It did this by routing traffic through compromised small office and home office (SOHO) network equipment such as routers, firewalls and VPN hardware.
For initial access, the group exploited a zero-day vulnerability in Internet-facing Fortinet FortiGuard devices.
The company concluded, “With any observed nation-state actor activity, Microsoft has directly notified targeted or compromised customers, providing them with the critical information they need to secure their environments.”
Via: BleepingComputer