Hi All
CISA, the FBI and NSA have identified that People's Republic of China (PRC) state-sponsored cyber attackers are seeking to pre-position themselves on IT networks for disruptive cyber-attacks against U.S. critical infrastructure. Numerous critical infrastructure operators have had their IT systems compromised by Volt Typhoon (aka Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus).
Volt Typhoon's activities are challenging to identify and respond to due to the actor's primary method of attack, "Living off the Land", which leverages legitimate tools and functionalities already present within a compromised system or network to carry out malicious activities. Rather than relying on conspicuous malware or custom tools that may trigger security alerts, attackers use built-in utilities, scripts, or administrative functionalities to blend in with normal network activity and evade detection.
Maybe this should have been put under Threats? It is real and it is happening now - happy days Microsoft.
https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-a...
Regards
Caute_Cautim
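Since "living off the land" means the binaries themselves are legitimate, detection has to key on how a built-in tool is used rather than on the presence of a file. The following is an added example, not code from the post above or from any vendor or agency: it runs a handful of behaviour-based rules over constructed process-creation events (fields modelled loosely on Sysmon Event ID 1 / Windows 4688). The rule set (ntdsutil used to snapshot NTDS, netsh portproxy, a shell spawned by an IIS worker process, encoded PowerShell) is a generic set of commonly cited LotL patterns chosen for illustration; it is not a published indicator list for Volt Typhoon, and the sample log lines are invented.

```python
"""Behaviour-based detection of "living off the land" process activity.

Added example, not part of the original post. Events below are constructed
JSON lines, not real telemetry; rules are generic LotL heuristics.
"""
import json
import re
from typing import Callable

# Constructed sample process-creation events (one JSON object per line).
SAMPLE_EVENTS = r"""
{"host":"WS01","user":"CORP\\jdoe","parent":"explorer.exe","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe notes.txt"}
{"host":"DC01","user":"CORP\\svc_backup","parent":"cmd.exe","image":"C:\\Windows\\System32\\ntdsutil.exe","cmdline":"ntdsutil.exe \"ac i ntds\" ifm \"create full C:\\temp\\x\" q q"}
{"host":"WS07","user":"CORP\\admin1","parent":"cmd.exe","image":"C:\\Windows\\System32\\netsh.exe","cmdline":"netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=3389"}
{"host":"WEB01","user":"IIS APPPOOL\\DefaultAppPool","parent":"w3wp.exe","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c whoami"}
{"host":"WS03","user":"CORP\\jdoe","parent":"cmd.exe","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"host":"WS03","user":"CORP\\admin1","parent":"cmd.exe","image":"C:\\Windows\\System32\\netsh.exe","cmdline":"netsh advfirewall show allprofiles"}
"""


def _basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


# Each rule inspects one event and returns True when it should fire.
def rule_ntds_dump(ev: dict) -> bool:
    # ntdsutil creating an "install from media" snapshot exports NTDS.dit
    cl = ev["cmdline"].lower()
    return _basename(ev["image"]) == "ntdsutil.exe" and "ntds" in cl and (
        "ifm" in cl or "create full" in cl
    )


def rule_netsh_portproxy(ev: dict) -> bool:
    # netsh portproxy turns a host into a relay for lateral traffic
    return _basename(ev["image"]) == "netsh.exe" and "portproxy" in ev["cmdline"].lower()


def rule_webserver_spawned_shell(ev: dict) -> bool:
    # An IIS worker process launching a shell is a classic web-shell tell
    return ev["parent"].lower() == "w3wp.exe" and _basename(ev["image"]) in {
        "cmd.exe",
        "powershell.exe",
    }


def rule_encoded_powershell(ev: dict) -> bool:
    # -e / -ec / -enc / -EncodedCommand hides the script body from casual review
    return _basename(ev["image"]) == "powershell.exe" and bool(
        re.search(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\b", ev["cmdline"], re.I)
    )


RULES: list[tuple[str, Callable[[dict], bool]]] = [
    ("ntdsutil_ntds_dump", rule_ntds_dump),
    ("netsh_portproxy", rule_netsh_portproxy),
    ("webserver_spawned_shell", rule_webserver_spawned_shell),
    ("encoded_powershell", rule_encoded_powershell),
]


def detect_lotl(jsonl: str) -> list[dict]:
    """Run every rule over each event; return one hit per (event, rule) match."""
    hits = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for name, pred in RULES:
            if pred(ev):
                hits.append(
                    {"host": ev["host"], "user": ev["user"], "rule": name, "cmdline": ev["cmdline"]}
                )
    return hits


if __name__ == "__main__":
    for h in detect_lotl(SAMPLE_EVENTS):
        print(f'{h["host"]:6} {h["rule"]:24} {h["user"]}  {h["cmdline"]}')
```

Note that the benign `netsh advfirewall show allprofiles` and the notepad launch produce no hits even though netsh is the same binary the portproxy rule fires on: the signal is the argument pattern and the parent/child relationship, which is exactly the telemetry (command lines, parent process, account) that must be collected centrally for LotL activity to be visible at all.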