
Last Wednesday, Microsoft issued a warning claiming Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations.

“The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement released by authorities in the US, Australia, Canada, New Zealand and the UK – countries that make up the Five Eyes intelligence network.

In this advisory, and in an accompanying blog post by Microsoft, it is described that Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers). Many of these devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet.

Network Devices on Target: Not for the first time

Attacks originating from China-based cyber-espionage groups are not new to Check Point Research or the cyber security community. Chinese APT groups like Volt Typhoon have a history of sophisticated cyber-espionage campaigns. Their primary motivation is often strategic intelligence gathering, targeted disruption, or simply asserting a foothold in networks for future operations. The recent advisory pinpoints a variety of techniques employed by these threat actors, but of particular interest is their focus on “living off the land” and the exploitation of network devices such as routers.
