Volt Typhoon: State-Backed Chinese Hacking Group
Microsoft and the National Security Agency (NSA) have reported that a Chinese state-backed hacking group, known as Volt Typhoon, has installed surveillance malware on critical systems located in Guam and other parts of the United States. This group has been active since mid-2021 and is said to be a threat to government agencies as well as communication, manufacturing, education, and other industries.
Stealth-Focused Tactics
Volt Typhoon is said to prioritize stealth, relying on hands-on-keyboard activity and living-off-the-land techniques, which use resources already available in the operating system. They use the command line to collect credentials and other data, archive the information, and use it to remain on targeted systems. To hide their activity, they route traffic through small office and home office (SOHO) network equipment they control, such as routers, and use special tools to keep their activity concealed via proxy, helping them establish a command and control channel.
Conclusion
Volt Typhoon is a state-backed Chinese hacking group that has been active since mid-2021 and is a threat to government agencies as well as communication, manufacturing, education, and other industries. They prioritize stealth and use hands-on-keyboard activity and living-off-the-land techniques to collect credentials and other data and remain on targeted systems. They also use special tools to keep their activity concealed via proxy, helping them establish a command and control channel.