{"id":280733,"date":"2024-02-02T18:16:24","date_gmt":"2024-02-02T12:46:24","guid":{"rendered":"https:\/\/forumias.com\/blog\/?p=280733"},"modified":"2024-02-02T18:16:24","modified_gmt":"2024-02-02T12:46:24","slug":"volt-typhoon","status":"publish","type":"post","link":"https:\/\/forumias.com\/blog\/volt-typhoon\/","title":{"rendered":"Volt Typhoon"},"content":{"rendered":"<p>Source: This post on <strong>Volt Typhoon<\/strong> is based on the article &#8220;<strong>FBI shuts down China\u2019s \u2018Volt Typhoon\u2019 hackers targeting U.S. infrastructure<\/strong>&#8221; published in &#8220;<strong>CNBC<\/strong>&#8221; on 31 January 2024.<\/p>\n<h2>Why in the news?<\/h2>\n<p>The US government has shut down a major China-backed hacking group that was working to compromise U.S. cyber infrastructure.<\/p>\n<h2>About Volt Typhoon<\/h2>\n<p>It is a state-sponsored actor based in China that focuses on espionage and information gathering.<\/p>\n<p>It has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.<\/p>\n<h2>How does it operate?<\/h2>\n<p>It places a strong emphasis on stealth. 
It relies almost exclusively on <strong>living-off-the-land techniques and hands-on-keyboard activity<\/strong>.<\/p>\n<p>It issues commands via the command line to:<br \/>\n(1) collect data, including credentials from local and network systems<br \/>\n(2) put the data into an archive file to stage it for exfiltration, and then use the stolen valid credentials to maintain persistence.<\/p>\n<p>It tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including<span style=\"color: #ff0000;\"> routers, firewalls, and VPN hardware.<\/span><\/p>\n<p>Furthermore, it uses<span style=\"color: #ff0000;\"> open-source tools<\/span> to establish a command and control (C2) channel over a proxy to stay under the radar.<\/p>\n<h2>Some other hacking groups used by security agencies<\/h2>\n<p>1) <strong>Equation Group<\/strong> (USA)<br \/>\n2) <strong>Fancy Bear<\/strong> (Russia)<br \/>\n3) <strong>Lazarus Group<\/strong> (North Korea)<br \/>\n4) <strong>Turla (APT34)<\/strong> (Iran)<br \/>\n5) <strong>SandWorm<\/strong> (Russia)<\/p>\n<p><strong>NOTE: Living off the land (LOTL)<\/strong> is a fileless attack technique in which the cybercriminal uses native, legitimate tools already present on the victim\u2019s system to sustain and advance an attack.<br \/>\n<strong>Hands-on keyboard attack<\/strong>: This occurs after a breach, when attackers are already <span style=\"color: #ff0000;\">inside your environment<\/span>. A <strong>cybercriminal<\/strong> sits at a keyboard on one end of the operation, and your <span style=\"color: #ff0000;\">compromised network<\/span> sits on the other end.<\/p>\n<p><strong>UPSC Syllabus: International relations in news\/Science and Technology<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source: This post on Volt Typhoon is based on the article &#8220;FBI shuts down China\u2019s \u2018Volt Typhoon\u2019 hackers targeting U.S. 
infrastructure&#8221; published in &#8220;CNBC&#8221; on 31 January 2024. Why in the news? The USA government has shut down a major China-backed hacking group that was working to compromise U.S. cyber infrastructure. About Volt Typhoon&hellip; <a class=\"more-link\" href=\"https:\/\/forumias.com\/blog\/volt-typhoon\/\">Continue reading <span class=\"screen-reader-text\">Volt Typhoon<\/span><\/a><\/p>\n","protected":false},"author":10374,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[1566,164,1738],"tags":[11872],"class_list":["post-280733","post","type-post","status-publish","format-standard","hentry","category-daily-factly-articles","category-international-relations-daily-factly-articles","category-science-and-technology-daily-factly-articles","tag-9pm-daily-factly","entry"],"jetpack_featured_media_url":"","views":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/280733","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/users\/10374"}],"replies":[{"embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/comments?post=280733"}],"version-history":[{"count":0,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/posts\/280733\/revisions"}],"wp:attachment":[{"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/media?parent=280733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/categories?post=280733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forumias.com\/blog\/wp-json\/wp\/v2\/tags?post=280733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.
org\/{rel}","templated":true}]}}