By Jack Davis, The Western Journal, May 29, 2023

China-Sponsored Actor Targeting Key US Infrastructure, 'Living Off the Land' to Evade Detection

Government agencies and tech giant Microsoft have warned against a Chinese hacker targeting American infrastructure.

According to an alert from Microsoft, the company and federal agencies have found “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.”

The Microsoft advisory said “Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering,” is behind the attacks.

The alert said the hacker has a long-range, deadly purpose.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft wrote.

According to an alert from the Department of Defense, Volt Typhoon does its work by hijacking the systems it compromises, turning their own built-in tools to its purposes.

“One of the actor’s primary tactics, techniques, and procedures (TTPs) is living off the land, which uses built-in network administration tools to perform their objectives,” the alert said.

“This TTP allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations,” the alert said.
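As an added illustration, not code from the advisory or from this article, the following Python script shows how a defender might look for the pattern the alert describes in process-creation logs: built-in administration tools launched from an unexpected parent, run by an account outside the expected admin set, or used for port forwarding. It also shows the default-logging gap the alert mentions, by flagging events where the command line was never captured. The log format, the tool list, the admin-account allowlist and the sample events are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Built-in Windows tools that living-off-the-land activity commonly reuses.
# Illustrative list for this example, not the advisory's indicator set.
ADMIN_TOOLS = {"netsh.exe", "wmic.exe", "ntdsutil.exe", "cmd.exe", "powershell.exe", "reg.exe"}

# Web-facing server processes that should never spawn interactive admin tools (assumption).
WEB_PARENTS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat9.exe"}

# Accounts expected to run admin tooling on these hosts (constructed allowlist).
ADMIN_ACCOUNTS = {r"corp\jsmith-adm", r"corp\svc-backup"}

# Constructed process-creation events in a simple key=value form. The fourth line has
# no cmdline field, mimicking a host where command-line auditing was left at its default.
SAMPLE_EVENTS = r"""
2023-05-24T03:10:00Z host=FS01 user=CORP\jsmith-adm parent=explorer.exe image=netsh.exe cmdline="netsh.exe interface show interface"
2023-05-24T03:11:02Z host=WEB01 user="IIS APPPOOL\DefaultAppPool" parent=w3wp.exe image=cmd.exe cmdline="cmd.exe /c whoami"
2023-05-24T03:12:30Z host=FS01 user=CORP\svc-monitor parent=cmd.exe image=netsh.exe cmdline="netsh.exe interface portproxy show all"
2023-05-24T03:13:45Z host=DC01 user=CORP\svc-backup parent=services.exe image=wmic.exe
2023-05-24T03:14:00Z host=FS01 user=CORP\jsmith parent=explorer.exe image=notepad.exe cmdline="notepad.exe"
"""

# key=value pairs; a quoted value may contain spaces and escaped quotes.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


@dataclass
class ProcessEvent:
    timestamp: str
    host: str
    user: str
    parent: str
    image: str
    cmdline: Optional[str]  # None when the log did not capture it


def parse_event(line: str) -> ProcessEvent:
    """Parse one key=value event line into a ProcessEvent."""
    fields = {}
    for key, value in _KV.findall(line):
        if value.startswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return ProcessEvent(
        timestamp=line.split(" ", 1)[0],
        host=fields["host"],
        user=fields["user"],
        parent=fields["parent"].lower(),
        image=fields["image"].lower(),
        cmdline=fields.get("cmdline"),
    )


def evaluate(ev: ProcessEvent) -> list:
    """Return the reasons this event deserves analyst attention (empty if none)."""
    findings = []
    if ev.image not in ADMIN_TOOLS:
        return findings
    if ev.cmdline is None:
        # The tool ran, but default auditing gave us nothing to judge it by.
        findings.append("command line not recorded: enable command-line auditing for process creation")
    if ev.parent in WEB_PARENTS:
        findings.append(f"admin tool launched by web server process {ev.parent}")
    if ev.user.lower() not in ADMIN_ACCOUNTS:
        findings.append(f"admin tool run by account outside the admin allowlist ({ev.user})")
    if ev.image == "netsh.exe" and ev.cmdline and "portproxy" in ev.cmdline.lower():
        findings.append("netsh portproxy activity: built-in port forwarding, review the rule set")
    return findings


def triage(log_text: str) -> list:
    """Return (timestamp, host, image, findings) for every event with at least one finding."""
    hits = []
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        findings = evaluate(ev)
        if findings:
            hits.append((ev.timestamp, ev.host, ev.image, findings))
    return hits


if __name__ == "__main__":
    for ts, host, image, findings in triage(SAMPLE_EVENTS):
        print(f"{ts} {host} {image}")
        for f in findings:
            print(f"    - {f}")
```

The first sample event (a known admin account running a read-only network query from a desktop session) produces nothing, which is the point: the same binary is benign or suspicious depending on who launched it and from where, so the rules key on context rather than on the tool name alone. The wmic.exe event shows why the alert singles out default logging: without the command line, the only possible finding is that visibility is missing.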

The alert said it was issued by American and foreign agencies because “this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.”

The advisory warned that small home and office networks are among the most vulnerable.

The advisory said anyone responsible for the security of one of these networks must ensure that “network management interfaces are not exposed to the Internet to avoid them being re-purposed as redirectors by malicious actors. If they must be exposed to the Internet, device owners and operators should ensure they follow zero trust principles and maintain the highest level of authentication and access controls possible.”
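The check behind that recommendation, written out as an added example that is not from the advisory or this article: a Python audit over a constructed inventory of device management listeners that flags any service bound on the Internet-facing side when its allowed sources are not confined to the management network, when it lacks multi-factor authentication, or when it is a cleartext protocol that should simply be disabled. The device names, the management network range and the service table are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Management services that send credentials in the clear (illustrative set, an assumption).
CLEARTEXT_SERVICES = {"telnet", "http-admin", "snmp-v2c"}

# Source networks from which management access is legitimate (constructed range).
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]


@dataclass
class Listener:
    device: str
    service: str
    port: int
    on_wan: bool                # service bound on the Internet-facing interface
    allowed_sources: List[str]  # CIDR allowlist enforced by ACL/firewall; empty = anyone
    mfa_required: bool


@dataclass
class Finding:
    device: str
    port: int
    message: str


def sources_restricted_to_management(cidrs: List[str]) -> bool:
    """True only if every allowed source lies inside a management network."""
    if not cidrs:
        return False  # no allowlist means the whole Internet can reach it
    return all(
        any(ipaddress.ip_network(c).subnet_of(m) for m in MANAGEMENT_NETS)
        for c in cidrs
    )


def audit(listeners: List[Listener]) -> List[Finding]:
    """Report management interfaces that are exposed or weakly controlled."""
    findings = []
    for l in listeners:
        if not l.on_wan:
            continue  # internal-only listener, outside the scope of this check
        if l.service in CLEARTEXT_SERVICES:
            findings.append(Finding(l.device, l.port,
                f"{l.service} exposed on WAN: disable it, cleartext management"))
            continue  # no point scoring MFA or source lists on a protocol that must go
        if not sources_restricted_to_management(l.allowed_sources):
            findings.append(Finding(l.device, l.port,
                f"{l.service} reachable from the Internet: restrict sources to the management network or move it behind a VPN"))
        if not l.mfa_required:
            findings.append(Finding(l.device, l.port,
                f"{l.service} on WAN without MFA: require multi-factor authentication"))
    return findings


# Constructed inventory; values are made up for the example.
INVENTORY = [
    Listener("branch-rtr-01", "https-admin", 443, True, [], False),
    Listener("branch-rtr-01", "ssh", 22, True, ["10.20.0.0/24"], True),
    Listener("home-gw-07", "telnet", 23, True, [], False),
    Listener("core-sw-02", "https-admin", 443, False, [], False),
    Listener("fw-edge-03", "https-admin", 8443, True, ["10.20.0.0/24", "198.18.5.0/24"], True),
]

if __name__ == "__main__":
    for f in audit(INVENTORY):
        print(f"{f.device}:{f.port}  {f.message}")
```

The SSH listener on branch-rtr-01 passes because it meets both halves of the advisory's condition for an exposed interface: sources are limited to the management network and MFA is required. The fw-edge-03 entry shows the common slip of an allowlist that grew one extra range outside the management network, which quietly turns a restricted interface back into an exposed one.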

Microsoft said Volt Typhoon has been seeking to cause disruption since 2021 and has targeted “critical infrastructure organizations” in American locations, including Guam.

Rob Joyce, the cybersecurity director for the National Security Agency, said Volt Typhoon tunnels into a system to use it for its own ends.

“Cyber actors find it easier and more effective to use capabilities already built into critical infrastructure environments. A PRC state-sponsored actor is living off the land, using built-in network tools to evade our defenses and leaving no trace behind,” he said in a release on the NSA website.

“For years, China has conducted operations worldwide to steal intellectual property and sensitive data from critical infrastructure organizations around the globe,” said Jen Easterly, Cybersecurity and Infrastructure Security Agency director.

“Today’s advisory, put out in conjunction with our US and international partners, reflects how China is using highly sophisticated means to target our nation’s critical infrastructure. This joint advisory will give network defenders more insights into how to detect and mitigate this malicious activity,” she said.

The advisory was jointly issued by the NSA, CISA, FBI, Australian Cyber Security Centre, Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre.

This article appeared originally on The Western Journal.