China state-sponsored actor carries out 'attack' on US critical infrastructure, Microsoft says

Microsoft says that Volt Typhoon is a state-sponsored actor of the PRC

China state-sponsored cyber actor Volt Typhoon is targeting critical infrastructure organizations in the U.S., according to Microsoft.

Microsoft warned Wednesday that Volt Typhoon, a cyber actor linked to the People's Republic of China, is targeting critical infrastructure organizations in the U.S.

Microsoft said in a Wednesday post that the company has "uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States."

"The attack is carried out by Volt Typhoon," Microsoft said. Volt Typhoon is a Chinese state-sponsored actor that focuses on "espionage and information gathering."

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the statement reads.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and international cybersecurity authorities issued a joint Cybersecurity Advisory (CSA) warning the agencies believe Volt Typhoon, which they noted is associated with the People's Republic of China, "could apply the same techniques" against infrastructure networks across the U.S. and "other sectors worldwide."

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) acknowledged it is aware of Volt Typhoon's activities threatening U.S. critical infrastructure organizations and issued warning along with international cybersecurity authorities.

The CSA explained Volt Typhoon's primary tactics, techniques and procedures (TTPs) is "living off the land," which allows it to avoid detection by using built-in network administration tools to blend in with normal Windows systems and fly under the radar of third-party endpoint detection and response products.

The agencies recommend organizations take steps to tighten up their cybersecurity in light of the threat, such as hardening domain controllers, monitoring event logs, limiting port proxy usage, investigating any unusual IP addresses and reviewing firewall configurations.

AI Disclaimer: An advanced artificial intelligence (AI) system generated the content of this page on its own. This innovative technology conducts extensive research from a variety of reliable sources, performs rigorous fact-checking and verification, cleans up and balances biased or manipulated content, and presents a minimal factual summary that is just enough yet essential for you to function as an informed and educated citizen. Please keep in mind, however, that this system is an evolving technology, and as a result, the article may contain accidental inaccuracies or errors. We urge you to help us improve our site by reporting any inaccuracies you find using the "Contact Us" link at the bottom of this page. Your helpful feedback helps us improve our system and deliver more precise content. When you find an article of interest here, please look for the full and extensive coverage of this topic in traditional news sources, as they are written by professional journalists that we try to support, not replace. We appreciate your understanding and assistance.