https://community.isc2.org/t5/Tech-Talk/Active-Directory-attacks-who-said-it-was-a-good-idea/m-p/70140#M4420 <P>Hi All</P><P>&nbsp;</P><P>CISA, the FBI and NSA have identified that the People’s Republic of China (PRC) state<BR />sponsored cyber attackers are seeking to pre-position themselves on IT networks for<BR />disruptive cyber- attacks against U.S. critical infrastructure. Numerous critical<BR />infrastructure operators have had their IT systems compromised by Volt Typhoon (aka<BR />Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious<BR />Taurus).</P><P><BR />Volt Typhoons activities are challenging to identify and respond to due to the actor’s<BR />primary method of attack, “Living off the Land”, which leverages legitimate tools and<BR />functionalities already present within a compromised system or network to carry out<BR />malicious activities. Rather than relying on conspicuous malware or custom tools that<BR />may trigger security alerts, attackers use built-in utilities, scripts, or administrative&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; functionalities to blend in with normal network activity and evade detection.</P><P>&nbsp;</P><P>Maybe this should have been put under Threats?&nbsp; It is real and it is happening now - happy days Microsoft.</P><P>&nbsp;</P><P><A href="https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-attacks-on-Active-Directory-Whitepaper-2.pdf" target="_blank">https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-attacks-on-Active-Directory-Whitepaper-2.pdf</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Fri, 10 May 2024 05:59:14 GMT Caute_cautim 2024-05-10T05:59:14Z https://community.isc2.org/t5/Tech-Talk/Active-Directory-attacks-who-said-it-was-a-good-idea/m-p/70140#M4420 <P>Hi All</P><P>&nbsp;</P><P>CISA, the FBI and NSA have identified that the People’s Republic of China (PRC) state<BR />sponsored cyber attackers are seeking to pre-position themselves on IT networks for<BR />disruptive cyber- attacks against U.S. critical infrastructure. Numerous critical<BR />infrastructure operators have had their IT systems compromised by Volt Typhoon (aka<BR />Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious<BR />Taurus).</P><P><BR />Volt Typhoons activities are challenging to identify and respond to due to the actor’s<BR />primary method of attack, “Living off the Land”, which leverages legitimate tools and<BR />functionalities already present within a compromised system or network to carry out<BR />malicious activities. Rather than relying on conspicuous malware or custom tools that<BR />may trigger security alerts, attackers use built-in utilities, scripts, or administrative&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; functionalities to blend in with normal network activity and evade detection.</P><P>&nbsp;</P><P>Maybe this should have been put under Threats?&nbsp; It is real and it is happening now - happy days Microsoft.</P><P>&nbsp;</P><P><A href="https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-attacks-on-Active-Directory-Whitepaper-2.pdf" target="_blank">https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-attacks-on-Active-Directory-Whitepaper-2.pdf</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Fri, 10 May 2024 05:59:14 GMT https://community.isc2.org/t5/Tech-Talk/Active-Directory-attacks-who-said-it-was-a-good-idea/m-p/70140#M4420 Caute_cautim 2024-05-10T05:59:14Z