This is an old revision of the document!
Volt Typhoon
Volt Typhoon is a codename for a hacking group described as being sponsored by the Chinese government.1)
History
Volt Typhoon has reportedly been in operation since mid-2021.2)
On May 24, 2023, Microsoft issued a warning that Volt Typhoon had “compromised 'critical' U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence.”3) The National Security Agency (NSA) followed up with a report of their own titled “People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection”, co-published with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK).4)
1)
, 3)
Goswami, R. (2023, May 24). Microsoft warns that China hackers attacked U.S. infrastructure. CNBC. http://archive.today/2023.05.24-213247/https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html
2)
Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Microsoft Security Blog. http://archive.today/2023.05.25-103813/https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
4)
People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. (2023, May 24). National Security Agency. https://web.archive.org/web/20230525163919/https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF