By Jack Davis, The Western Journal | May 29, 2023

China-Sponsored Actor Targeting Key US Infrastructure, 'Living Off the Land' to Evade Detection

Government agencies and tech giant Microsoft have warned against a Chinese hacker targeting American infrastructure.

According to an alert from Microsoft, the company and federal agencies have found “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.”

The Microsoft advisory said “Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” is behind the attacks.

The alert said the hacker has a long-range, deadly purpose.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft wrote.

According to an alert from the Department of Defense, Volt Typhoon does its work by hijacking other systems.

“One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives,” the alert said.

“This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations,” the alert said.

The alert said it was issued by American and foreign agencies because “this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.”

The advisory warned that small home and office networks are among the most vulnerable.

The advisory said anyone responsible for the security of one of these networks must ensure that “network management interfaces are not exposed to the Internet to avoid them being re-purposed as redirectors by malicious actors. If they must be exposed to the Internet, device owners and operators should ensure they follow zero trust principles and maintain the highest level of authentication and access controls possible.”

Microsoft said Volt Typhoon has been seeking to cause disruption since 2021 and has targeted “critical infrastructure organizations” in American locations, including Guam.

Rob Joyce, the cybersecurity director for the National Security Agency, said Volt Typhoon tunnels into a system to use it for its own ends.

“Cyber actors find it easier and more effective to use capabilities already built into critical infrastructure environments. A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind,” he said in a release on the NSA website.

“For years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe,” said Jen Easterly, Cybersecurity and Infrastructure Security Agency director.

“Today’s advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure. This joint advisory will give network defenders more insights into how to detect and mitigate this malicious activity,” she said.

The advisory was jointly issued by the NSA, CISA, FBI, Australian Cyber Security Centre, Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre.

This article appeared originally on The Western Journal.
