
U.S. assets in Guam and mainland U.S. hacked by China


A report produced by Microsoft and various worldwide intelligence services has revealed a worrying data security breach by presumed Chinese agents on critical American infrastructure in the mainland U.S. and Guam. Microsoft and the governments of the US and four other countries have reported that a hacking group from China has gained access to crucial infrastructure systems, stealing network credentials and sensitive data while remaining practically invisible.

According to Microsoft, a group known as "Volt Typhoon" has been engaged in espionage and collecting information on behalf of the People's Republic of China for at least two years. To avoid detection, the hackers rely on tools that are already installed or integrated into compromised devices, which they manually operate rather than automate. This approach is commonly referred to as "living off the land."

In addition to the living-off-the-land approach, the hackers employed compromised home and small office routers as an intermediary infrastructure to conceal their activity. This enabled them to communicate with infected computers using local ISPs in the same geographical area.

"To achieve their objective, the threat actor puts a strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence," explains Microsoft in the report.

"In addition, 'Volt Typhoon' tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar," Microsoft adds.

According to Microsoft researchers, the campaign's purpose is probably to develop the capability to disrupt critical communications infrastructure between the US and the Asia region during a future crisis. Guam, for example, holds significant value for the US military because of its Pacific ports and air base, and with growing tensions surrounding Taiwan, Guam's strategic importance has drawn attention.

“Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers),” Microsoft researchers explain. “Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the Internet,” they added.

Several industries have been affected, including communications, manufacturing, utilities, transportation, construction, maritime, government, information technology, and education. The advisories include guidance on how to detect this activity and remediate compromised networks.
