CISA advisory: Volt Typhoon, a Chinese state-backed actor, infiltrates U.S. critical infrastructure sectors using stealth techniques. The advisory provides detection strategies, including signs of compromise and the built-in tools the actor abuses.
CISA
Editor Alexis Pinto
May 29, 2023

https://www.cybernewscentre.com/plus-content/content/cybersecurity-advisory-for-june-2023-prc-state-sponsored-cyber-actor-volt-typhoon


A joint Cybersecurity Advisory (CSA) has been issued by several international cybersecurity authorities, including the U.S. National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), and agencies from Australia, Canada, New Zealand, and the UK. The advisory warns of a recent surge in cyber activities traced back to a People's Republic of China (PRC) state-sponsored cyber actor known as Volt Typhoon. This actor has been found to infiltrate networks across U.S. critical infrastructure sectors, a tactic that could potentially be used against other sectors worldwide.

The advisory provides an overview of hunting guidance and best practices to detect these activities. Volt Typhoon utilises a tactic known as "living off the land," which involves using built-in network administration tools to blend in with typical system activity, thereby evading detection. Notably, the tools abused by this actor include wmic, ntdsutil, netsh, and PowerShell.

Furthermore, the advisory sheds light on technical details, background information, and potential indicators associated with these techniques. Network and host artefacts, from compromised small office/home office (SOHO) network devices to the use of Windows Management Instrumentation (WMI/WMIC), PowerShell, Netsh, and Ntdsutil, provide concrete examples of the strategies employed by Volt Typhoon.
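The two paragraphs above name the built-in Windows tools (wmic, ntdsutil, netsh, PowerShell) that the advisory says the actor uses to blend in. The following is an added hunting example, not code from the advisory or from CISA: it parses process-creation events in a simple constructed log format (an assumed format, not a real Windows event log), flags any execution of those four tools, and rolls the hits up per host so a defender can see which machines ran several of them in one window. The sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Tool names taken from the advisory summary above: built-in binaries the
# actor is reported to abuse to "live off the land".
LOLBINS = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe"}

# Constructed sample process-creation events (not real logs). The key=value
# layout is an assumption made for this example; adapt the regex to your
# SIEM's export format (e.g. Windows Security event 4688 fields).
SAMPLE_EVENTS = """\
2023-05-29T08:01:12Z host=WS01 user=alice parent=explorer.exe new=powershell.exe
2023-05-29T08:02:30Z host=WS01 user=alice parent=chrome.exe new=chrome.exe
2023-05-29T08:05:44Z host=DC01 user=svc_backup parent=cmd.exe new=ntdsutil.exe
2023-05-29T08:06:10Z host=DC01 user=svc_backup parent=cmd.exe new=netsh.exe
2023-05-29T08:07:01Z host=FS02 user=bob parent=wmiprvse.exe new=wmic.exe
2023-05-29T08:09:15Z host=FS02 user=bob parent=outlook.exe new=winword.exe
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"parent=(?P<parent>\S+) new=(?P<new>\S+)$"
)


def parse_events(text):
    """Turn the key=value log text into a list of dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_lolbin_hits(events):
    """Return every event whose new process is one of the named built-in tools."""
    return [e for e in events if e["new"].lower() in LOLBINS]


def summarize_by_host(hits):
    """Map host -> sorted list of distinct flagged tools seen on that host."""
    per_host = defaultdict(set)
    for h in hits:
        per_host[h["host"]].add(h["new"].lower())
    return {host: sorted(tools) for host, tools in per_host.items()}


def hosts_to_triage(summary, min_tools=2):
    """Hosts that ran at least `min_tools` distinct flagged tools.

    A single PowerShell launch is routine on most estates; several of these
    tools appearing together on one host is the pattern worth a closer look.
    """
    return sorted(h for h, tools in summary.items() if len(tools) >= min_tools)


if __name__ == "__main__":
    hits = find_lolbin_hits(parse_events(SAMPLE_EVENTS))
    by_host = summarize_by_host(hits)
    for host, tools in sorted(by_host.items()):
        print(f"{host}: {', '.join(tools)}")
    print("triage first:", hosts_to_triage(by_host))
```

On the constructed sample this reports one flagged tool each on WS01 and FS02 and two on DC01, so DC01 is the host the triage helper surfaces first. In a real hunt, the flagged events should be compared against a baseline of what administrators on each host normally run; the advisory's point is that these tools are legitimate, so context (which user, which parent process, which host role) rather than the bare tool name is what separates noise from an incident.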

In response to these cyber threats, the advisory recommends employing best practice network security and endpoint detection and response (EDR) products, a robust patch management program, a least privilege access model, and regular data backups protected from unauthorised access. It also encourages the use of strong, unique passwords and enabling multi-factor authentication wherever possible.

This advisory represents a critical step in ensuring international cooperation in cybersecurity and offering guidance to network defenders to detect and mitigate potential threats linked to state-sponsored cyber activities.
