Volt Typhoon


Source: This post on Volt Typhoon has been created based on the article “FBI shuts down China’s ‘Volt Typhoon’ hackers targeting U.S. infrastructure” published in “CNBC” on 31 January 2024.

Why in the news?

The U.S. government (the FBI and the Department of Justice) has disrupted the network of compromised small office and home office (SOHO) routers that a major China-backed hacking group was using to target U.S. critical infrastructure. The operation removed the group's foothold on the hijacked routers; it did not dismantle the group itself.

About Volt Typhoon

It is a state-sponsored actor based in China that focuses on espionage and information gathering.

It has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.

How does it operate?

It puts a strong emphasis on stealth. It relies almost exclusively on living-off-the-land techniques and hands-on-keyboard activity, so there is little custom malware for defenders to detect.

The operators issue commands via the command line to:
(1) collect data, including credentials, from local and network systems;
(2) put the data into an archive file to stage it for exfiltration; and then
(3) use the stolen valid credentials to maintain persistence.

It tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware.

Furthermore, it uses open-source tools to establish a command and control (C2) channel over a proxy to stay under the radar.
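The three command-line steps above (credential collection, archiving for staging, reuse of valid credentials and proxying) are hard to catch one at a time, because every tool involved is a legitimate part of the operating system. The check a defender actually wants is a correlation: several of those stages appearing on the same host in a short window. The script below is an added example, not code from the article or from any advisory, and it assumes a simple constructed process-creation log (one process per line, pipe-separated) of the kind a Sysmon or Windows 4688 feed produces. The command patterns it looks for are common living-off-the-land indicators chosen for illustration, not a claim about this particular actor's exact commands.

```python
"""Toy living-off-the-land (LOTL) chain detector.

Added example. Scans constructed process-creation log lines for three stages
of the pattern described above and flags hosts where two or more stages
co-occur. The patterns are generic LOTL indicators assumed for illustration.
"""
import re
from collections import defaultdict

LOG_FIELDS = ("timestamp", "host", "user", "parent_image", "command_line")

# Constructed sample log (not real telemetry): timestamp|host|user|parent|command line.
# DC01 shows the full chain; WS17 is a user legitimately zipping a report.
SAMPLE_LOG = r"""
2024-01-15T02:11:03Z|DC01|CORP\svc_backup|C:\Windows\System32\cmd.exe|cmd.exe /c ntdsutil "ac i ntds" "ifm" "create full C:\Windows\Temp\pro" q q
2024-01-15T02:14:40Z|DC01|CORP\svc_backup|C:\Windows\System32\cmd.exe|cmd.exe /c makecab C:\Windows\Temp\pro\Active Directory\ntds.dit C:\Windows\Temp\1.cab
2024-01-15T02:20:11Z|DC01|CORP\svc_backup|C:\Windows\System32\cmd.exe|netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.8 connectport=8443
2024-01-15T03:01:55Z|WS17|CORP\alice|C:\Windows\explorer.exe|"C:\Program Files\7-Zip\7z.exe" a quarterly.zip C:\Users\alice\Documents\report.docx
2024-01-15T03:05:00Z|WS22|CORP\bob|C:\Windows\System32\cmd.exe|ipconfig /all
"""

# Stage -> regexes over the command line. All tools here ship with Windows or
# are ubiquitous, which is exactly why a single hit is not an alert by itself.
STAGE_PATTERNS = {
    "credential_collection": [
        r"\bntdsutil(?:\.exe)?\b.*\bifm\b",                      # copy of NTDS.dit
        r"\breg(?:\.exe)?\s+save\s+hklm\\(?:sam|security|system)\b",
        r"\bvssadmin(?:\.exe)?\s+create\s+shadow\b",
    ],
    "staging_archive": [
        r"\bmakecab(?:\.exe)?\b",
        r"\b(?:7z|rar)(?:\.exe)?\b\"?\s+a\b",                   # '7z a' / 'rar a'
        r"\bcompress-archive\b",
    ],
    "persistence_proxy": [
        r"\bnetsh(?:\.exe)?\s+interface\s+portproxy\s+add\b",     # built-in port forward
        r"\bwmic(?:\.exe)?\s+/node:\S+.*\bprocess\s+call\s+create\b",  # remote exec with valid creds
    ],
}
COMPILED = {stage: [re.compile(p, re.IGNORECASE) for p in pats]
            for stage, pats in STAGE_PATTERNS.items()}


def parse_log(text):
    """Split pipe-separated lines into event dicts; skip malformed lines."""
    events = []
    for line in text.strip().splitlines():
        parts = line.split("|", 4)
        if len(parts) != len(LOG_FIELDS):
            continue
        events.append(dict(zip(LOG_FIELDS, parts)))
    return events


def classify(command_line):
    """Return the set of LOTL stages a single command line matches (often empty)."""
    return {stage for stage, pats in COMPILED.items()
            if any(p.search(command_line) for p in pats)}


def detect_lotl_chains(text, min_stages=2):
    """Return {host: {stage: [command lines]}} for hosts with >= min_stages distinct stages.

    Correlating per host is the point: '7z a' alone is normal user activity,
    but credential dumping + archiving + portproxy on one domain controller is not.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for ev in parse_log(text):
        for stage in classify(ev["command_line"]):
            hits[ev["host"]][stage].append(ev["command_line"])
    return {host: dict(stages) for host, stages in hits.items()
            if len(stages) >= min_stages}


if __name__ == "__main__":
    for host, stages in detect_lotl_chains(SAMPLE_LOG).items():
        print(f"[ALERT] {host}: {sorted(stages)}")
        for stage, cmds in stages.items():
            for cmd in cmds:
                print(f"    {stage}: {cmd}")
```

With the default threshold only DC01 is reported, while WS17's single archive command is ignored; lowering `min_stages` to 1 shows how noisy per-command matching on built-in tools would be. In a real deployment the same correlation would be keyed on host plus a time window and would draw on your own telemetry, not on this constructed log.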

Some other state-sponsored hacking groups

1) Equation Group (USA)
2) Fancy Bear (Russia)
3) Lazarus Group (North Korea)
4) Turla (Russia)
5) APT34 (Iran)
6) Sandworm (Russia)

NOTE: Living off the land (LOTL) is a fileless attack technique (not a piece of malware) in which the attacker uses native, legitimate tools already present on the victim’s system, such as built-in command-line and administration utilities, to sustain and advance an attack. Because nothing new is installed, ordinary malware detection has little to find.
Hands-on-keyboard attack: This occurs after a breach, when attackers are already inside the environment. A human operator sits at a keyboard on one end of the operation, issuing commands interactively, and the compromised network sits on the other end, rather than the activity being driven by automated malware.

UPSC Syllabus-International relation in news/Science and Technology
