Researchers have discovered a new Chinese-sponsored actor dubbed Volt Typhoon targeting critical infrastructures from United States to obtain sensitive information.
The conducted attacks have been performed to evade detection as long as possible.
To achieve that they have mainly leveraged legit Windows applications also known as living-off-the-land binaries (LOLBins) to perform different tasks such as credential access or information discovery.
Also Volt Typhoon has used well-known open-source tools such as Impacket or Fast Reverse Proxy (FRP) to establish a command and control channel over proxy.
SkyWatchSM Alert Legend
Glesec Information Sharing Protocol
GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).
Disclosure is Not Limited.
Limited Disclosure, Restricted Only to the Community.
Limited Disclosure, restricted to the Participant's Organization.
Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.