cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Active Directory attacks - who said it was a good idea?

Hi All

 

CISA, the FBI and NSA have identified that the People’s Republic of China (PRC) state
sponsored cyber attackers are seeking to pre-position themselves on IT networks for
disruptive cyber- attacks against U.S. critical infrastructure. Numerous critical
infrastructure operators have had their IT systems compromised by Volt Typhoon (aka
Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious
Taurus).


Volt Typhoons activities are challenging to identify and respond to due to the actor’s
primary method of attack, “Living off the Land”, which leverages legitimate tools and
functionalities already present within a compromised system or network to carry out
malicious activities. Rather than relying on conspicuous malware or custom tools that
may trigger security alerts, attackers use built-in utilities, scripts, or administrative                                 functionalities to blend in with normal network activity and evade detection.

 

Maybe this should have been put under Threats?  It is real and it is happening now - happy days Microsoft.

 

https://certesnetworks.com/wp-content/uploads/2024/04/Going-on-the-Offensive-Tackling-Volt-Typhoon-a...

 

Regards

 

Caute_Cautim

0 Replies