Chinese Hacking Group Volt Typhoon Targets Critical Systems in the US: Microsoft and NSA Raise Concerns

Microsoft and the National Security Agency (NSA) have confirmed the activities of the Chinese hacking group Volt Typhoon, believed to have connections to the Chinese government. The group has been involved in installing surveillance malware on critical systems, including Guam and other locations in the United States. The operation, which began in mid-2021, has targeted government agencies, as well as sectors such as telecommunications, manufacturing, and education.

Investigators have noted that Volt Typhoon employs stealth techniques as a priority. They utilize “living off the land” methods, leveraging existing resources within the operating system and conducting direct “hands-on-keyboard” actions. By using the command line to scrape credentials and other sensitive data, the group archives the information and employs it to maintain persistence on the victim’s system. They also attempt to conceal their activities by routing data traffic through network hardware in small offices and home offices under their control, including routers. The group uses proxies, and other means to establish command-and-control channels, further obfuscating their operations.

While there have been no reported attacks utilizing this particular malware, the web shell-based approach poses a significant threat to infrastructure. In response, Microsoft and the NSA have released information to aid potential victims in detecting and removing Volt Typhoon’s activity. They caution that closing or modifying affected accounts may prove challenging.

According to a US government official cited by The New York Times, the incursion into Guam is part of a broader Chinese intelligence-gathering initiative that includes activities such as a spy balloon crossing a US nuclear facility earlier this year. Guam serves as a critical base for the United States in responding to potential Chinese incursions into Taiwan, and it is a vital hub for ships navigating the Pacific Ocean.

In light of these developments, the Biden administration is intensifying efforts to protect critical infrastructure and establish common security requirements. The United States has experienced multiple attacks on essential systems in recent years, including those targeting gas pipelines and meat producers. The discovery of malware such as the Volt Typhoon raises concerns about the potential risks to the US military during crucial moments.

Addressing these security threats requires a concerted effort to bolster defences and enhance cybersecurity measures across critical sectors. The collaboration between government entities, technology companies like Microsoft, and intelligence agencies such as the NSA is crucial in safeguarding national interests and maintaining the integrity of vital systems against sophisticated hacking groups backed by nation-states.

Bhasker Das
Bhasker Das
Bhasker Das, with a master's in Cybersecurity, is a seasoned editor focusing on online security, privacy, and protection. When not decrypting the complexities of the cyber world, Anu indulges in his passion for chess, seeing parallels in strategy and foresight.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream