Differences

This shows you the differences between two versions of the page.

volt_typhoon [2023/05/25 00:26]
liam created
volt_typhoon [2023/05/26 00:12] (current)
liam
Line 1: Line 1:
 ====== Volt Typhoon ====== ====== Volt Typhoon ======
  
 +{{ ::volt_typhoon_logo_.png?200|}}
  
 +**Volt Typhoon** is a codename for a hacking group described as being sponsored by the [[China|Chinese government]].((Goswami, R. (2023, May 24). //Microsoft warns that China hackers attacked U.S. infrastructure.// CNBC. http://archive.today/2023.05.24-213247/https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html)) 
 +
 +The name "Volt Typhoon" is used by [[Microsoft]] to describe the group based on the company's internal "threat actor naming taxonomy."((diannegali, chrisda, Dansimp, & Stacyrch140. (2023, April 20). //How Microsoft names threat actors.// Microsoft. http://archive.today/2023.05.17-020026/https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide)) [[Secureworks]] describes the same group by the codename "Bronze Silhouette".((Secureworks Counter Threat Unit. (2023, May 24). //Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations.// Secureworks. http://archive.today/2023.05.25-155704/https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations))
 +
 +===== History =====
 +
 +Volt Typhoon has reportedly been in operation since mid-2021.((Microsoft Threat Intelligence. (2023, May 24). //Volt Typhoon targets US critical infrastructure with living-off-the-land techniques.// Microsoft Security Blog. http://archive.today/2023.05.25-103813/https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/)) In June 2021, [[Secureworks]] identified an intrusion into one of its clients' networks, which the company attributed to the group.((Secureworks Counter Threat Unit. (2023, May 24). //Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations.// Secureworks. http://archive.today/2023.05.25-155704/https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations)) Separate intrusions were reported by Secureworks in September 2021 and June 2022.
 +
 +On May 24, 2023, [[Microsoft]] issued a warning that Volt Typhoon had "compromised 'critical' U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence."((Goswami, R. (2023, May 24). //Microsoft warns that China hackers attacked U.S. infrastructure.// CNBC. http://archive.today/2023.05.24-213247/https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html)) The [[National Security Agency]] (NSA) followed up with a report of their own titled "People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection", co-published with the [[Cybersecurity and Infrastructure Security Agency]] (CISA), the [[Federal Bureau of Investigation]] (FBI), the [[Australian Cyber Security Centre]] (ACSC), the [[Canadian Centre for Cyber Security]] (CCCS), the [[New Zealand National Cyber Security Centre]] (NCSC-NZ) and the [[United Kingdom National Cyber Security Centre]] (NCSC-UK).((//People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection.// (2023, May 24). National Security Agency. https://web.archive.org/web/20230525163919/https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF))
 +
 +[[Secureworks]] published their own statement concurrently, describing their own analysis of the group's activities.((Secureworks Counter Threat Unit. (2023, May 24). //Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations.// Secureworks. http://archive.today/2023.05.25-155704/https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations))
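
Review bot: the last sentence of the first History paragraph ("Separate intrusions were reported by Secureworks in September 2021 and June 2022.") has no footnote, although the sentences before and after it are cited; attach the Secureworks Counter Threat Unit reference to it so the two dates are traceable. As a style point, the archive.today footnote links are written with http:// while the web.archive.org link in the NSA footnote uses https://; using https:// throughout would be consistent.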