Wednesday, 25 December 2024

Microsoft Catches Chinese-Gov Hackers Targeting US Critical Infrastructure


Microsoft says it has caught Chinese state-backed hackers siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean.

The discovery of Chinese-made cyberespionage malware in Guam is raising eyebrows because the tiny island is considered an important part of a future China/Taiwan military conflict.

Microsoft nicknamed the campaign Volt Typhoon and described it as “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery.”

“Microsoft assesses with moderate confidence that this [Chinese cyberespionage] campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the software giant said in a note documenting the APT discovery.

The U.S. government’s cybersecurity response agency CISA also issued an urgent bulletin on Wednesday calling attention to the threat actor and providing mitigation guidance, IOCs and other telemetry to help defenders hunt for signs of compromise.


Redmond said the group has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.

The Chinese government hackers have hit a wide variety of organizations spanning communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and the education sectors. 

“The threat actor intends to perform espionage and maintain access without being detected for as long as possible,” Microsoft said.

The hacking group breaks into target companies through internet-facing Fortinet FortiGuard devices and latches onto compromised small office/home office (SOHO) routers to obfuscate the source of their activity.

“Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet. Owners of network edge devices should ensure that management interfaces are not exposed to the public internet in order to reduce their attack surface,” the company said.

“By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.”
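The mitigation Microsoft spells out above is concrete enough to verify: an edge device's SSH or HTTP management interface should not answer on its WAN address. The following script is an added example, not code from the article, Microsoft or any router vendor. It probes a constructed inventory of devices the defender owns (TEST-NET addresses stand in for real ones) from an external vantage point and reports which management ports still accept a TCP connection. The port-to-service table and the device records are assumptions to be replaced with your own.

```python
"""Audit whether edge-device management ports are reachable from the internet.

Added example; not part of the original article or of any vendor tooling.
The inventory below is constructed, and the probe should only target hosts you own.
"""
import socket
from typing import Callable, Dict, List

# Management services that should never answer on the WAN side.
# The port-to-service mapping is an assumption; adjust it to your devices.
MANAGEMENT_PORTS: Dict[int, str] = {
    22: "ssh",
    23: "telnet",
    80: "http",
    443: "https",
    8080: "http-alt",
    8443: "https-alt",
}

# Constructed inventory: public addresses of edge devices the defender owns.
# 192.0.2.0/24 is documentation space, so nothing real is contacted here.
INVENTORY: List[Dict[str, str]] = [
    {"name": "branch-router-01", "vendor": "example-vendor", "wan_ip": "192.0.2.10"},
    {"name": "branch-router-02", "vendor": "example-vendor", "wan_ip": "192.0.2.11"},
]

# Signature of a connect function: (host, port, timeout) -> reachable?
ConnectFn = Callable[[str, int, float], bool]


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposed_management_ports(host: str, connect: ConnectFn = tcp_connect) -> List[int]:
    """Return the management ports on host that accept a connection, in table order."""
    return [port for port in MANAGEMENT_PORTS if connect(host, port, 2.0)]


def audit(inventory: List[Dict[str, str]], connect: ConnectFn = tcp_connect) -> Dict[str, List[int]]:
    """Map device name -> exposed ports for every device with at least one open management port."""
    findings: Dict[str, List[int]] = {}
    for device in inventory:
        open_ports = exposed_management_ports(device["wan_ip"], connect)
        if open_ports:
            findings[device["name"]] = open_ports
    return findings


if __name__ == "__main__":
    # Run this from outside your perimeter; every hit is a finding to close.
    for name, ports in audit(INVENTORY).items():
        services = ", ".join(f"{p}/{MANAGEMENT_PORTS[p]}" for p in ports)
        print(f"{name}: management interface exposed on {services}")
```

The connect function is injectable so the audit logic can be exercised without network access (and so it can be swapped for a probe that records the banner as evidence). Anything the script reports is a management plane reachable by the same proxying traffic the article describes, and the fix is the one Microsoft gives: bind management to the LAN or a dedicated management network, or front it with a VPN.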

According to the report, the group primarily relies on so-called “living-off-the-land” commands to find information on the system, discover additional devices on the network, and exfiltrate data.
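Because living-off-the-land activity uses the operating system's own utilities, there is no malicious binary to match on; what a defender can look for is an unusual burst of discovery commands from one account on one host. The script below is an added example, not Microsoft's or CISA's detection content, and the process-creation log lines and the watch-list of utilities are constructed for illustration. It parses JSON-per-line events, keeps those whose image is a known discovery utility, and raises an alert when at least four distinct utilities run under the same host and user inside a ten-minute window.

```python
"""Flag bursts of living-off-the-land discovery commands in process-creation logs.

Added example; not from the original article or from Microsoft or CISA tooling.
The log lines and the watch-list are constructed for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Built-in utilities commonly used for host and network discovery. Any one of
# them is benign on its own; the signal is several of them from the same
# account on the same host in a short window. (Assumed watch-list; tune it.)
DISCOVERY_TOOLS = {
    "ipconfig.exe", "netstat.exe", "netsh.exe", "nltest.exe", "whoami.exe",
    "systeminfo.exe", "arp.exe", "net.exe", "wmic.exe", "tasklist.exe",
}

# Constructed process-creation events, one JSON object per line.
# The first five lines are a discovery burst; the rest are noise or spread out.
SAMPLE_LOG = r"""
{"ts": "2024-12-25T10:00:01", "host": "srv01", "user": "svc_backup", "image": "C:\\Windows\\System32\\ipconfig.exe", "cmdline": "ipconfig /all"}
{"ts": "2024-12-25T10:00:40", "host": "srv01", "user": "svc_backup", "image": "C:\\Windows\\System32\\netstat.exe", "cmdline": "netstat -ano"}
{"ts": "2024-12-25T10:01:15", "host": "srv01", "user": "svc_backup", "image": "C:\\Windows\\System32\\nltest.exe", "cmdline": "nltest /dclist:corp"}
{"ts": "2024-12-25T10:02:03", "host": "srv01", "user": "svc_backup", "image": "C:\\Windows\\System32\\whoami.exe", "cmdline": "whoami /priv"}
{"ts": "2024-12-25T10:04:50", "host": "srv01", "user": "svc_backup", "image": "C:\\Windows\\System32\\net.exe", "cmdline": "net view /domain"}
{"ts": "2024-12-25T10:05:00", "host": "ws07", "user": "alice", "image": "C:\\Windows\\System32\\ipconfig.exe", "cmdline": "ipconfig"}
{"ts": "2024-12-25T10:05:30", "host": "ws07", "user": "alice", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad"}
{"ts": "2024-12-25T09:00:00", "host": "srv01", "user": "admin", "image": "C:\\Windows\\System32\\whoami.exe", "cmdline": "whoami"}
{"ts": "2024-12-25T11:30:00", "host": "srv01", "user": "admin", "image": "C:\\Windows\\System32\\netstat.exe", "cmdline": "netstat -an"}
"""


def parse_events(log_text: str) -> List[Dict]:
    """Parse JSON-per-line events; add a parsed timestamp and a lower-cased image basename."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        # Normalise the path separator so the basename works for Windows paths on any host.
        ev["tool"] = ev["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        events.append(ev)
    return events


def detect_discovery_bursts(events: List[Dict],
                            window: timedelta = timedelta(minutes=10),
                            threshold: int = 4) -> List[Dict]:
    """Return one alert per (host, user) that ran >= threshold distinct discovery tools within window."""
    by_key: Dict[tuple, List[Dict]] = defaultdict(list)
    for ev in events:
        if ev["tool"] in DISCOVERY_TOOLS:
            by_key[(ev["host"], ev["user"])].append(ev)

    alerts = []
    for (host, user), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        # Slide a window starting at each event; the first window that
        # reaches the threshold produces the alert for this host/user pair.
        for i, start in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            tools = sorted({e["tool"] for e in in_window})
            if len(tools) >= threshold:
                alerts.append({
                    "host": host,
                    "user": user,
                    "tools": tools,
                    "first": start["ts"],
                    "last": in_window[-1]["ts"],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_discovery_bursts(parse_events(SAMPLE_LOG)):
        print(f"{alert['host']} / {alert['user']}: {len(alert['tools'])} discovery tools "
              f"between {alert['first']:%H:%M:%S} and {alert['last']:%H:%M:%S}: {', '.join(alert['tools'])}")
```

The threshold and window are the knobs to tune against your own baseline: administrators do run these utilities, so the rule should be paired with context such as whether the account is interactive or a service account, and the same event source can feed a second rule for the exfiltration stage the report mentions.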

Preparing for future conflict?

“We recognize the actor from a series of intrusions that have targeted air, maritime, and land transportation targets, as well as other organizations,” John Hultquist, Chief Analyst at Google-owned Mandiant, told SecurityWeek. “There are a variety of reasons actors target critical infrastructure, but a persistent focus on these sectors may indicate preparation for disruptive or destructive cyberattack.”

While the discovery is alarming, Hultquist said activity like this does not mean attacks are inevitable.

“States conduct long-term intrusions into critical infrastructure to prepare for possible conflict, because it may simply be too late to gain access when conflict arises,” he said. “Similar contingency intrusions are regularly conducted by states. Over the last decade, Russia has targeted a variety of critical infrastructure sectors in operations that we do not believe were designed for immediate effect. China has done the same in the past, targeting the oil and gas sector.”

While Beijing’s operations are aggressive, Hultquist says they don’t necessarily indicate attacks are looming. “A far more reliable indicator for destructive and disruptive cyberattack is a deteriorating geopolitical situation. A destructive and disruptive cyberattack is not just a wartime scenario either. This capability may be used by states looking for alternatives to armed conflict.”

“Chinese cyberthreat actors are unique among their peers in that they have not regularly resorted to destructive and disruptive cyberattacks. As a result,” Hultquist said, “their capability is quite opaque. This disclosure is a rare opportunity to investigate and prepare for this threat.”
