(Central News Agency reporter Chen Yunyu, London, 25th) The United States, the United Kingdom and other “Five Eyes” countries have warned that Volt Typhoon, a hacker organization supported by the government of the People’s Republic of China, has recently been found attacking critical infrastructure in the United States and may use the same techniques against other parts of the world and non-infrastructure sectors.
The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the UK National Cyber Security Centre (NCSC) and relevant government agencies in Canada, Australia, and New Zealand issued a joint warning on the 24th, listing the attack paths and tactics of Volt Typhoon. The United States, the United Kingdom, Canada, New Zealand, and Australia jointly form the intelligence-sharing alliance known as the “Five Eyes.”
The Five Eyes alliance warned that Volt Typhoon mainly uses “living off the land” techniques to launch attacks, that is, it uses tools and services that already exist on the target system to achieve its goals. By blending into normal Windows system and network activity, the hackers avoid detection, leave fewer traces, and make it harder for systems and experts to spot malicious behavior.
The built-in system tools that Volt Typhoon is currently known to use include wmic, ntdsutil, netsh, and PowerShell; its intrusion routes include small office and home office (SOHO) networks, virtual private network (VPN) devices, and open-source tools.
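Because these tools also run during routine administration, alerting on their names alone is noisy. The following added example (not part of the joint warning or of this report) flags a run of one of the four named tools only when its host, user and parent-process combination is absent from a known-good baseline; the event fields, host names and user names are constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Built-in tools named in the warning. Matching on the name alone would flag
# routine administration, so each run is compared with a known-good baseline.
WATCHED = {"wmic.exe", "ntdsutil.exe", "netsh.exe", "powershell.exe"}

def tool_name(image_path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(image_path).name.lower()

def context_key(event):
    """(host, user, tool, parent) for a watched tool, else None."""
    tool = tool_name(event["image"])
    if tool not in WATCHED:
        return None
    return (event["host"].lower(), event["user"].lower(), tool,
            tool_name(event["parent"]))

def build_baseline(events):
    """Count the contexts in which watched tools ran during a known-good period."""
    return Counter(k for k in map(context_key, events) if k is not None)

def unusual_runs(events, baseline):
    """Return watched-tool events whose context never appears in the baseline."""
    return [e for e in events
            if (k := context_key(e)) is not None and baseline[k] == 0]

def ev(host, user, image, parent):
    return {"host": host, "user": user, "image": image, "parent": parent}

SYS32 = "C:\\Windows\\System32\\"
PS = SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed sample events (hypothetical hosts and users, not real logs).
BASELINE_EVENTS = [
    ev("DC01", "adm-backup", SYS32 + "netsh.exe", SYS32 + "cmd.exe"),
    ev("WS07", "jlee", PS, "C:\\Windows\\explorer.exe"),
]
TODAY_EVENTS = [
    ev("WS07", "jlee", PS, "C:\\Windows\\explorer.exe"),               # seen before
    ev("dc01", "adm-backup", SYS32 + "NETSH.EXE", SYS32 + "cmd.exe"),  # seen before
    ev("DC01", "svc-web", SYS32 + "ntdsutil.exe", SYS32 + "cmd.exe"),  # new user
    ev("WS07", "jlee", SYS32 + "wbem\\WMIC.exe", PS),                  # new tool and parent
    ev("WS07", "jlee", SYS32 + "notepad.exe", "C:\\Windows\\explorer.exe"),
]

if __name__ == "__main__":
    for hit in unusual_runs(TODAY_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(hit["host"], hit["user"], tool_name(hit["image"]))
```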
Microsoft also released security threat intelligence on the 24th, clearly stating that Volt Typhoon attacked critical infrastructure in the United States. Based in China and funded by the state, Volt Typhoon became active in mid-2021 and is mainly engaged in espionage and information gathering.
This is not Volt Typhoon’s first attack on US infrastructure. Microsoft pointed out that in the latest wave of attacks, Volt Typhoon’s targets span maritime affairs, communications, manufacturing, transportation, construction, information technology, education, public facilities and other fields, as well as government departments.
Microsoft’s initial assessment is that the goals of Volt Typhoon’s operation include espionage and maintaining access to the compromised systems, undetected, for “as long as possible.”
According to Microsoft’s assessment, it cannot be ruled out that Volt Typhoon’s latest wave of operations is preparation for a larger-scale attack in the future: destroying the critical communications infrastructure between the United States and Asia. (Editor: Yang Zhaoyan) 1120526