Microsoft warns that the Chinese government hacker group "Volt Typhoon" is conducting espionage targeting critical infrastructure




Microsoft has issued a warning that the Chinese government-backed attack group "Volt Typhoon" is targeting critical infrastructure in the United States.

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/



Microsoft warns that China hackers attacked US infrastructure

https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html



According to Microsoft, Volt Typhoon has been active since mid-2021. Its targets include critical infrastructure organizations in Guam and elsewhere in the United States, spanning government organizations, utilities, telecommunications, information technology, maritime, transportation, construction, manufacturing, and education.

The observed activity suggests that the threat actors are conducting espionage and trying to maintain access without being detected for as long as possible.

According to Microsoft's report, Volt Typhoon breaks into target organizations through an as-yet-unidentified vulnerability in 'FortiGuard' devices from security company Fortinet. Once it has access to the target environment, it attempts to steal user credentials using command-line tools and then uses those credentials to move into other systems.
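The credential-theft and lateral-movement steps described above rely on tools that are already present on the victim's machines, so the main defensive signal is the process-creation log. The following is an added example, not code from the article or from Microsoft's report: a small Python routine that scans Windows process-creation records and flags built-in tools being pointed at credential stores or at other hosts. The record format, the tool list, the indicator strings and the sample events are all assumptions constructed for illustration.

```python
"""Flag living-off-the-land credential access and remote execution in
process-creation records. Added example; format and samples are constructed."""
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    time: str
    host: str
    user: str
    parent: str
    image: str
    command_line: str


# Built-in Windows binaries that an intruder can use without dropping malware
# ("living off the land"). Assumed list for this example.
LOLBINS = {"rundll32.exe", "ntdsutil.exe", "wmic.exe", "powershell.exe",
           "cmd.exe", "reg.exe", "net.exe"}

# Command-line fragments that point at credential stores or memory dumps.
CREDENTIAL_TERMS = ("lsass", "minidump", "comsvcs.dll", "ntds",
                    "hklm\\sam", "hklm\\security")

# Fragments that point at execution on, or access to, another host.
REMOTE_EXEC_TERMS = ("/node:", "-computername", "\\\\")


def parse_event(line: str) -> ProcessEvent:
    """Parse one pipe-separated record: time|host|user|parent|image|command_line.
    The command line is the last field and may itself contain pipes."""
    fields = line.rstrip("\n").split("|", 5)
    if len(fields) != 6:
        raise ValueError(f"malformed event: {line!r}")
    return ProcessEvent(*fields)


def image_name(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(event: ProcessEvent) -> list[dict]:
    """Apply both rules to one event and return the findings (possibly empty)."""
    findings = []
    name = image_name(event.image)
    cmd = event.command_line.lower()
    if name not in LOLBINS:
        return findings  # third-party binaries are out of scope for these rules
    base = {"time": event.time, "host": event.host, "user": event.user,
            "image": name, "parent": event.parent}
    if any(term in cmd for term in CREDENTIAL_TERMS):
        findings.append({**base, "rule": "credential_dump"})
    if any(term in cmd for term in REMOTE_EXEC_TERMS):
        findings.append({**base, "rule": "remote_exec"})
    return findings


def scan(lines: list[str]) -> list[dict]:
    """Scan raw records in order and collect every finding."""
    results = []
    for line in lines:
        if line.strip():
            results.extend(analyse(parse_event(line)))
    return results


# Constructed sample records (not real telemetry): one benign editor launch,
# two credential-store accesses via built-in tools, one remote execution
# attempt, and one benign ping.
SAMPLE_EVENTS = [
    "2023-05-24T03:11:02Z|WS01|corp\\alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe C:\\Users\\alice\\notes.txt",
    "2023-05-24T03:14:55Z|WS01|corp\\svc_backup|cmd.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe C:\\Windows\\System32\\comsvcs.dll MiniDump 624 C:\\Windows\\Temp\\out.dmp full",
    "2023-05-24T03:16:10Z|DC01|corp\\svc_backup|cmd.exe|C:\\Windows\\System32\\ntdsutil.exe|ntdsutil.exe ifm \"create full C:\\Windows\\Temp\\x\" q q",
    "2023-05-24T03:20:41Z|WS01|corp\\svc_backup|cmd.exe|C:\\Windows\\System32\\wbem\\wmic.exe|wmic /node:FS02 process call create \"cmd.exe /c whoami\"",
    "2023-05-24T03:22:00Z|WS01|corp\\alice|cmd.exe|C:\\Windows\\System32\\ping.exe|ping -n 1 fs02",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"{finding['time']} {finding['host']} {finding['user']} "
              f"{finding['image']} -> {finding['rule']}")
```

The rules are deliberately keyword-based so they are easy to audit; in production they would be tuned with an allowlist of hosts and accounts that legitimately run backup or directory-maintenance jobs, and the same account appearing in both a credential_dump and a remote_exec finding within minutes, as in the sample, is the pattern worth escalating.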

Microsoft has already notified affected parties.

The United States Cybersecurity and Infrastructure Security Agency (CISA) is also aware of this matter. According to CISA, this type of activity may also be occurring outside the United States.

People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | CISA

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a



In addition, 'Soft Cell', 'Naikon APT group', and 'Emissary Panda' are known threat actors acting in China's national interests.

What are the three groups that carry out cyber attacks and espionage for "China's national interests"? - GIGAZINE



Most recently, a group called 'Camaro Dragon' was found to have carried out targeted cyberattacks against European diplomatic institutions via routers.

Chinese government-backed cyber attack group "Camaro Dragon" plants a backdoor in routers and compromises networks - GIGAZINE



in Security, Posted by logc_nt