"Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks"

"Volt Typhoon," a recently identified Chinese nation-state actor, has been observed to be active in the wild since at least mid-2020 and has been linked to never-before-seen tradecraft aimed at maintaining remote access to targets. The findings come from CrowdStrike, which is tracking the adversary under the name "Vanguard Panda." According to the cybersecurity firm, the adversary used ManageEngine Self-service Plus exploits to gain initial access, custom web shells for persistent access, and living-off-the-land (LOTL) techniques for lateral movement. Volt Typhoon, also known as Bronze Silhouette, is a Chinese cyber espionage group linked to network intrusion operations against the US government, defense, and critical infrastructure organizations. An analysis of the group's operations reveals that it prioritizes operational security, targeting a limited number of victims with an extensive set of open source tools to carry out long-term malicious actions. This article continues to discuss findings regarding the Volt Typhoon Chinese nation-state actor.

THN reports "Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks"
