Tag Archive for: Volt

FACTBOX-What is Volt Typhoon, the alleged China-backed hacking group?

/in


Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a U.S. government operation, Reuters exclusively reported on Monday. The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt U.S. readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat: ‘FUTURE CRISES’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colourful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.” Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft Corp said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

TAIWAN BOTNET Does this mean a group of destructive hackers is preparing to sabotage U.S. infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group. It is now clear that Volt Typhoon has functioned by taking control of swathes of vulnerable digital devices around the world – such as routers, modems, and even internet-connected security cameras – to hide later, downstream attacks into more sensitive targets. This constellation of remotely controlled systems, known as a botnet, is of primary concern to security officials because they limit the visibility of cyber…

Source…

What is Volt Typhoon, the alleged China-backed hacking group?

/in


This is AI generated summarization, which may have errors. For context, always refer to the full article.

Hacking group Volt Typhoon alarms intelligence officials, who say it is part of a larger effort to compromise Western critical infrastructure

Networks controlled by a pervasive Chinese hacking group dubbed “Volt Typhoon” have been disrupted by a US government operation, Reuters exclusively reported on Monday, January 29.

The group has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities, raising concerns that the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

Here is what is known about Volt Typhoon and its potential threat:

‘Future crises’

Nearly every country in the world uses hackers to gather intelligence. Major powers like the United States and Russia have large stables of such groups – many of which have been given colorful nicknames by cybersecurity experts, such as “Equation Group” or “Fancy Bear.”

Experts begin to worry when such groups turn their attention from intelligence gathering to digital sabotage. So when Microsoft said in a blog post in May last year that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” it immediately brought to mind escalating tensions between China and the United States over Taiwan. Any conflict between those two countries would almost certainly involve cyberattacks across the Pacific.

Taiwan botnet

Does this mean a group of destructive hackers is preparing to sabotage US infrastructure in the event of a conflict over Taiwan?

Microsoft qualified its assessment last year as “moderate confidence,” intelligence jargon that typically means a theory is plausible and credibly sourced but has yet to be fully corroborated. Different researchers have identified various aspects of the group.

It is now clear that Volt Typhoon has functioned by taking control…

Source…

Sophisticated KV-botnet linked to Volt Typhoon – SC Media

/in



Sophisticated KV-botnet linked to Volt Typhoon  SC Media

Source…

China-linked APT Volt Typhoon linked to KV-Botnet

/in


China-linked APT Volt Typhoon linked to KV-Botnet

Pierluigi Paganini
December 14, 2023

Researchers linked a sophisticated botnet, tracked as KV-Botnet, to the operation of the China-linked threat actor Volt Typhoon.

The Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet to the operations of China-linked threat actor Volt Typhoon. The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. The threat actors target devices at the edge of networks.

The KV-Botnet is composed of end-of-life products used by SOHO devices. In early July and August of 2022, the researchers noticed several Cisco RV320sDrayTek Vigor routers, and NETGEAR ProSAFEs that were part of the botnet. Later, in November 2022, most of the devices composing the botnet were ProSAFE devices, and a smaller number of DrayTek routers. In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E.  

KV-Botnet botnet
The KV-botnet logical network map, December 2023

In May, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible.

According to Microsoft, the campaign aimed at building capabilities that could disrupt critical communications infrastructure between the United States and Asia region in the case of future crises.

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including…

Source…