Volt Typhoon in US Critical Infrastructure

May 30, 2023

Aims to disrupt comms between US and Asia in future crises

Microsoft has uncovered some sneaky, targeted malicious activity going on. And guess who's behind it? Volt Typhoon, a state-sponsored actor from China. These guys are no amateurs. They're known for their espionage and information gathering skills. And this time, they've got their sights set on critical infrastructure organizations in the good ol' US of A. Their goal? To disrupt critical communications infrastructure between the United States and Asia during future crises. 

The Volt Typhoon crew has been up to no good since mid-2021, targeting critical infrastructure organizations in Guam and other parts of the US. And they're not picky about who they target.

Volt Typhoon is all about stealth. They love their living-off-the-land techniques, doing everything on the down-low. They're collecting data, snatching credentials from local and network systems, and staging it all for exfiltration. They're using stolen valid credentials to keep their access going undetected. These guys are masters of blending in. 

They route their traffic through compromised small office and home office network equipment like routers, firewalls, and VPN hardware. Talk about going incognito! And to stay under the radar even further, they've got their own versions of open-source tools for that extra stealthy command and control action.
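Because the post describes behaviour rather than malware (built-in tools, stolen credentials, data staged for exfiltration, hosts turned into relays), the defender's job is mostly hunting in process telemetry. Below is an added example of that kind of pass, written for this summary and not taken from the original post or from Microsoft's report. The event shape, the watchlist of built-in Windows tools, the keyword patterns, the list of "unusual" parent processes and the sample events are all constructed assumptions; a real hunt would pull the same fields from Sysmon event 1 or Security 4688 and tune the lists to the environment.

```python
"""
Toy living-off-the-land (LOTL) hunting pass over process-creation events.

Added example; not code from the original post or from Microsoft's report.
The event shape, the watchlist, the keyword patterns and the sample events
below are all constructed assumptions for illustration.
"""
import re
from dataclasses import dataclass

# Built-in Windows administration tools that are legitimate on their own but
# deserve a second look when paired with credential- or relay-related
# arguments. Constructed watchlist; an assumption, not a list from the page.
LOTL_BINARIES = {
    "ntdsutil.exe", "reg.exe", "netsh.exe", "wmic.exe", "ldifde.exe", "vssadmin.exe",
}

# Argument fragments grouped by the behaviours the post describes: credential
# collection, relaying traffic, and staging data for exfiltration.
# Keyword-level only; constructed for this example.
ARG_PATTERNS = {
    "credential_store": re.compile(r"ntds|\\sam\b|lsass", re.I),
    "traffic_relay": re.compile(r"portproxy", re.I),
    "staging_archive": re.compile(r"\\(temp|public|programdata)\\\S*\.(zip|7z|rar)\b", re.I),
}

# Parents that should rarely spawn admin tooling: a web-server worker or a
# remote-management host doing so suggests a foothold being used.
# Constructed list; an assumption.
UNUSUAL_PARENTS = {"w3wp.exe", "httpd.exe", "winrshost.exe", "wsmprovhost.exe"}

FLAG_THRESHOLD = 3


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    image: str
    score: int
    reasons: tuple


def score_event(ev: ProcessEvent):
    """Return (score, reasons) for one event.

    Scoring is additive so that a non-watchlist tool with suspicious arguments
    or an unusual parent still surfaces, while a watchlist binary used for
    routine administration does not.
    """
    score, reasons = 0, []
    image = ev.image.lower()
    if image in LOTL_BINARIES:
        score += 1
        reasons.append(f"watchlist binary {image}")
    for label, pattern in ARG_PATTERNS.items():
        if pattern.search(ev.command_line):
            score += 2
            reasons.append(label)
    if ev.parent_image.lower() in UNUSUAL_PARENTS:
        score += 1
        reasons.append(f"unusual parent {ev.parent_image.lower()}")
    return score, reasons


def hunt(events):
    """Score a batch of events and keep those at or above the threshold."""
    findings = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= FLAG_THRESHOLD:
            findings.append(Finding(ev.host, ev.user, ev.image, score, tuple(reasons)))
    return findings


# Constructed sample telemetry, not real logs from any incident.
SAMPLE_EVENTS = [
    ProcessEvent("dc01", "CORP\\svc-backup", "cmd.exe", "ntdsutil.exe",
                 'ntdsutil.exe "activate instance ntds" ifm'),
    ProcessEvent("srv-web02", "NT AUTHORITY\\SYSTEM", "cmd.exe", "netsh.exe",
                 "netsh.exe interface portproxy add v4tov4"),
    ProcessEvent("ws-1043", "CORP\\jsmith", "svchost.exe", "reg.exe",
                 "reg.exe query HKLM\\Software\\Policies\\Microsoft\\Windows"),
    ProcessEvent("srv-web02", "IIS APPPOOL\\Default", "w3wp.exe", "7z.exe",
                 "7z.exe a C:\\Users\\Public\\up.7z C:\\inetpub\\data"),
    ProcessEvent("ws-2210", "CORP\\mlee", "explorer.exe", "netsh.exe",
                 "netsh.exe advfirewall show allprofiles"),
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f.host}: {f.image} score={f.score} reasons={', '.join(f.reasons)}")
```

Of the five constructed events, the two routine ones (a registry policy query and a firewall status check) score only for the watchlist binary and stay below the threshold; the directory-service export, the port-proxy change and the archive written to a public folder by a web-server worker each reach the threshold. The scoring is deliberately coarse: the value of a pass like this is in the tuning against your own baseline, which is exactly the work the configuration and query recommendations in Microsoft's write-up are meant to support.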

Microsoft’s blog has tons of details and lots of specific recommendations, settings, configurations, and queries for you to use to search for and block these bad guys in your own systems.

