Active Directory Attacks are real and are occurring even now

Caute_cautim — Fri, 10 May 2024 06:03:05 GMT

Hi All

CISA, the FBI and NSA have identified that the People’s Republic of China (PRC) state
sponsored cyber attackers are seeking to pre-position themselves on IT networks for
disruptive cyber- attacks against U.S. critical infrastructure. Numerous critical
infrastructure operators have had their IT systems compromised by Volt Typhoon (aka
Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious
Taurus).

Volt Typhoons activities are challenging to identify and respond to due to the actor’s
primary method of attack, “Living off the Land”, which leverages legitimate tools and
functionalities already present within a compromised system or network to carry out
malicious activities. Rather than relying on conspicuous malware or custom tools that
may trigger security alerts, attackers use built-in utilities, scripts, or administrative functionalities to blend in with normal network activity and evade detection.

Maybe this should have been put under Threats? It is real and it is happening now - happy days Microsoft.

https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-a...

Regards

Caute_Cautim

Re: Active Directory Attacks are real and are occurring even now

Kyaw_Myo_Oo — Thu, 30 May 2024 06:05:44 GMT

Thanks for sharing @Caute_cautim.

topic Re: Active Directory Attacks are real and are occurring even now in Threats

Active Directory Attacks are real and are occurring even now

Re: Active Directory Attacks are real and are occurring even now