Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023

by admin
Feb 15, 2024
in News

VOLTZITE, a designated threat group that overlaps with the Volt Typhoon threat group, has been discovered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

This threat actor has been targeting emergency management services, telecommunications, satellite services, and the defense industrial base since early 2023.

Moreover, this threat group uses Living off the Land (LOTL) techniques and native tools available on compromised assets. VOLTZITE also performs slow and steady reconnaissance to evade detection for a long time.

Technical Analysis

According to reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP for command-and-control communications.

The threat actor utilizes stolen credentials and compromises SOHO (Small Office and Home Office) networking equipment to facilitate lateral movement.

Their activity has been observed since early 2023, but there is speculation that the threat group has existed since 2021. As of early 2023, the threat group was discovered to be related to an incident involving the compromise of the US Territory of Guam.

Other notable activity occurred in June 2023 (a United States emergency management organization) and January 2024 (a US telecommunication provider’s external network gateways and a large US city’s emergency services GIS network).

In December 2023, VOLTZITE was discovered to be involved in exploiting ICS VPN zero-day vulnerabilities alongside another threat group, UTA0178. Some of the applications the threat group exploited are as follows:

  • Fortinet FortiGuard
  • PRTG Network Monitor Appliances
  • ManageEngine ADSelfService Plus
  • FatPipe WARP
  • Ivanti Connect Secure VPN
  • Cisco ASA

As for the LOTL techniques, the threat group uses several native Windows tools:

  • Certutil
  • dnscmd
  • Ldifde
  • Makecab
  • net user/group/use
  • netsh
  • nltest
  • ntdsutil
  • PowerShell
  • reg query/save
  • systeminfo
  • tasklist
  • wevtutil
  • wmic
  • xcopy
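
Because every tool in this list is also used by ordinary administrators, alerting on any single execution is noisy. The added example below (not from the article or the Dragos report) instead counts how many distinct listed tools one account runs on one host inside a sliding window, which suits slow reconnaissance. The event format, host and account names, the 14-day window and the threshold of four tools are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Binaries behind the article's list ("net" and "reg" cover the
# "net user/group/use" and "reg query/save" entries).
LOTL_TOOLS = {
    "certutil", "dnscmd", "ldifde", "makecab", "net", "netsh", "nltest",
    "ntdsutil", "powershell", "reg", "systeminfo", "tasklist", "wevtutil",
    "wmic", "xcopy",
}

# Constructed sample events: timestamp, host, account, process image path.
SAMPLE_EVENTS = r"""
2024-01-03T02:14:00 SRV01 svc_backup C:\Windows\System32\systeminfo.exe
2024-01-04T09:00:00 SRV01 alice C:\Windows\System32\tasklist.exe
2024-01-05T02:31:00 SRV01 svc_backup C:\Windows\System32\nltest.exe
2024-01-08T03:02:00 SRV01 svc_backup C:\Windows\System32\netsh.exe
2024-01-09T09:05:00 SRV01 alice C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2024-01-11T02:47:00 SRV01 svc_backup C:\Windows\System32\wevtutil.exe
2024-01-12T10:00:00 SRV01 alice C:\Program Files\Editor\editor.exe
2024-01-02T08:00:00 WS07 bob C:\Windows\System32\wmic.exe
2024-01-25T08:00:00 WS07 bob C:\Windows\System32\reg.exe
2024-02-20T08:00:00 WS07 bob C:\Windows\System32\xcopy.exe
2024-03-15T08:00:00 WS07 bob C:\Windows\System32\net.exe
""".strip().splitlines()


def find_slow_recon(lines, window=timedelta(days=14), min_tools=4):
    """Return {(host, account): tools} where one account ran at least
    min_tools distinct listed tools on one host inside any window."""
    per_account = defaultdict(list)
    for line in lines:
        ts, host, user, image = line.split(None, 3)
        tool = image.strip().rsplit("\\", 1)[-1].lower()
        if tool.endswith(".exe"):
            tool = tool[:-4]
        if tool in LOTL_TOOLS:
            per_account[(host, user)].append((datetime.fromisoformat(ts), tool))
    findings = {}
    for key, events in per_account.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            # Distinct tools seen in the window that opens at this event.
            seen = {t for when, t in events[i:] if when - start <= window}
            best = max(best, seen, key=len)
        if len(best) >= min_tools:
            findings[key] = sorted(best)
    return findings
```

On the sample data only `svc_backup` on `SRV01` is reported; widening the window trades more coverage of slow activity for more findings to triage.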

Dragos has published a complete report providing detailed information about this threat group, including its exfiltration methods, lateral movement, and more.
