Active Directory Attacks are real and are occurring even now
Hi All
CISA, the FBI and NSA have identified that the People’s Republic of China (PRC) state sponsored cyber attackers are seeking to pre-position themselves on IT networks for disruptive cyber- attacks against U.S. critical infrastructure. Numerous critical infrastructure operators have had their IT systems compromised by Volt Typhoon (aka Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus).
Volt Typhoons activities are challenging to identify and respond to due to the actor’s primary method of attack, “Living off the Land”, which leverages legitimate tools and functionalities already present within a compromised system or network to carry out malicious activities. Rather than relying on conspicuous malware or custom tools that may trigger security alerts, attackers use built-in utilities, scripts, or administrative functionalities to blend in with normal network activity and evade detection.
Maybe this should have been put under Threats? It is real and it is happening now - happy days Microsoft.
