ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA

World Hal Turner 24 May 2023 Hits: 26179

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.

The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.

To achieve their objective, the threat actor puts strong emphasis on stealth in this campaign, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. They issue commands via the command line to (1) collect data, including credentials from local and network systems, (2) put the data into an archive file to stage it for exfiltration, and then (3) use the stolen valid credentials to maintain persistence. In addition, Volt Typhoon tries to blend into normal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.

Volt Typhoon is targeting critical infrastructure providers, and using tactics for achieving and maintaining unauthorized access to target networks. Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this attack could be challenging.

Compromised accounts must be closed or changed. At the end of this blog post, we share more mitigation steps and best practices, as well as provide details on how Microsoft 365 Defender detects malicious and suspicious activity to protect organizations from such stealthy attacks. The National Security Agency (NSA) has also published a Cybersecurity Advisory [PDF] which contains a hunting guide for the tactics, techniques, and procedures (TTPs) discussed in this blog.

Comments

+1 # ALERT!!! — MECHENG 2023-05-25 14:41

In Pewaukee, WI. Second day in a row Blackhawk landed at a very small airport, no jets only piper cub planes and ultra lights. NO TRANSPONDER on Blackhawk. Flew by my window, did a ADS flight tracker, no ID. Same time about 13:35.

Has anyone seen activity of Blackhawks at tiny airports? Very concerned.

# #ALERT!!! — AMB1970 2023-05-26 01:39

Yes, Piedmont, SC. Blackhawks have been on a regular schedule at our small airport for months. As well as planes from Mexico (coming out of Texas) landing in the middle of the night at same small airport that supposedly closes at dusk.

We are extremely concerned over the activity.

# RE: ALERT!!! — PrivateJohn3:16 2023-05-25 15:25

I am near a tiny airport that is primarily used for training amateur pilots. It is in between two regional airports. Each of these airports mentioned is in a different state in a tristate area. I have noticed a very high uptick in activity. Wright Patterson is a couple hours away, also, but I am not close enough to monitor Wright Patt. I am just a local who has lived here since birth, and I am able to say very confidently that activity has highly increased. I hear the planes, I see them. Some are commercial, some are not. I see what I'm assuming are news helicopters closer to the ground. I haven't seen any Blackhawks yet.

+1 # ALERT!!! — MECHENG 2023-05-25 16:03

The little airport is right next to a major east west divided HWY. Memorial Weekend, just strange and concerning.

+2 # Fear...always more fear... — WilliamtheResolute 2023-05-25 08:32

My government working to protect me...I doubt it.

+3 # Powers going out — Srmay72 2023-05-25 08:02

East central Indiana our power company is working full speed they bought tons of new transformers all sizes they don't have any new service scheduled one substation has hundreds of new transformers sitting there yesterday loads of HUGE SUBSTATION TRANSFORMERS CAME I DO BELIEVE SOMETHING "BIG" COMING THAT WILL BURN DOWN THE GRID AND THEN BLAME CHINA

# US Moves to Pull Chinese Equipment From Its Power Grid — paulattahoe 2023-05-25 17:15

This has been going on since 2020. The Chinese transformers are made to be very easily hacked from offshore.

https://www.voanews.com/a/east-asia-pacific_voa-news-china_us-moves-pull-chinese-equipment-its-power-grid/6188992.html

+1 # Hmmmm — 389rivka@gmail.com 2023-05-25 09:49

That’s not an “overnight “ kind of purchase….like nuts & bolts. There is a considerable lag time between ordering and delivery of transformers. Doesn’t that imply…someone knew something for sometime now.
Hmmm

+6 # RE: ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA — RAFO 2023-05-25 07:11

Microsoft is reporting this?? They’re reporting on what a Chinese company is doing?? All these globalists are in the same bed. Sorry, but something’s rotten in Denmark. I don’t trust big Bill’s company to tell me the truth about anything!

-1 # Not that bad — thereportlink@gmail.com 2023-05-25 06:08

This CISA announcement is not that bad really. The APT group is only able to penetrate SOHO firewalls, not corporate-grade ones. Living off the land is easy with stolen creds, but unless it is a firewall administrator’s so they can reconfigure the firewall (which also would set off alarms) they would have a very hard time getting any data out of a protected network. There are ways like DNS tunneling and such, but I see no way worse threats than this literally every day. Just sayin..

+2 # RE: ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA — PrivateJohn3:16 2023-05-25 05:11

Why is this occurring at the same time that the 50 satellite phones are given to senators? All were offered them, supposedly, half took them. Is there a connection there, literally? A direct line? To take commands, perhaps? To give intel?

+11 # Hal Turner — PrivateJohn3:16 2023-05-25 04:13

I believe your previous Biblical post led some to Jesus Christ, between yourself and your subscribers. I felt the Holy Spirit many times as a result of reading the comments. This is the Great Commission, the work the Lord requested of us, to spread the Gospel. By using the tools of our generation, we truly spread the Gospel. I genuinely smiled today for the first time in many years, the kind that made my face vibrate and shine with joy. Congratulations to you, Hal Turner, for opening some to God. May God have mercy on us all, and spare as many as is His will, in the name of Jesus Christ. His name will become illegal, so write it in your hearts.

+1 # Wtf — drywall181 2023-05-24 23:24

At the edge in Russia, Poland threatens to enter Belarus, Germany going to ship long range missel, and we get this? And Tina Turner?

+1 # RE: Wtf — PrivateJohn3:16 2023-05-25 04:15

It's a scrimmage, not the game.

+4 # WAKE ME WHEN IT'S OVER — zoochman 2023-05-24 21:21

What other data could China want other than TIK TOK and language interpreters? Anyone who still has money in a bank is a fool and really, who needs a phone anyways? With police defunded, you're really on your own.

# RE: WAKE ME WHEN IT'S OVER — PrivateJohn3:16 2023-05-25 05:30

Satellite phones?

+11 # Everybody does this. — Chappyusa1 2023-05-24 20:59

Trust me, USA does it too. Russia does it. They all do. Nothing new under the sun.

+5 # cheaters cheaters — my-boss 2023-05-24 21:08

you got that right, lets hope the chinese screw up microsoft

+4 # Can we get a dumbed down version of what this all means — jddonahey1990 2023-05-24 20:46

Sum it up for me. I don't get it. In all fairness I had to stop reading multiple times because my kids needed things but yeah.

+2 # ?? — la0508 2023-05-24 20:34

And we know this isn't a false flag how? Interesting that we have already passed out free sat phones to the people who count. And told them to get into a bunker. I'm not saying something might not be going on, just questioning the source. Manufacturing consent and all. Getting us ready for something we wouldn't otherwise agree to.

+2 # RE: ?? — PrivateJohn3:16 2023-05-25 04:32

I think if there's an occurrence in US, it's ff. Blamed on another.

+4 # Micro$oft — unixguru24 2023-05-24 20:00

Also runs the software that most of our 911 centers use as well. Worth noting. I'm sure they are into other stuff that we wouldn't know about. Makes ya kinda feel all warm and fuzzy doesn't it?

-5 # █▓▒░ warm and fuzzy guru ░▒▓█ — Palehorse 2023-05-24 21:30

|

Quote:
warm and fuzzy
...

Kind of making a fool of yourself.
(Sarcasm)

+18 # All Microsoft is doing..... — Jdr211971 2023-05-24 19:56

All Microsoft is doing is allowing the Chicoms to do as they wish, but calling them out so as to have plausible deniability down the road.

+10 # RE: All Microsoft is doing..... — d_7 2023-05-24 20:00

treason

+4 # RE: ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA — d_7 2023-05-24 19:47

if an individual or business (or otherwise) runs their communications off a microsoft anything, there is one, and one word alone, for it

moronic

+13 # Any updates on... — dave0975644 2023-05-24 19:34

all the top US gov officials and congresscum
heading for their bunkers this weekend???

# Not mine — Jessiebeaner 2023-05-24 23:22

He is working

+3 # RE: Any updates on... — 389rivka@gmail.com 2023-05-24 19:46

Seems some state level “scum” have also been tapped to join in this exclusive jaunt…

# Which — Ted 2023-05-24 21:10

Ones do you know of, Rivka?

# RE: Which — 389rivka@gmail.com 2023-05-25 00:07

Several prominent dem governors but I’m sure they will deny if questioned….we’ll see if they are noticeably absent from public appearances over the holiday weekend, that should be telling…

# RE: ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA — Stefanjunior 2023-05-24 19:15

In the past, whatever US accused China or any other country of doing something shady it was a lie and it was the US that was actually doing that. Back in early 2000's some save screen software allegedly had Chinese hacking Spyware in it was actually done by the US. Or how about the accusations by US that China, Iran, and every nation US wanted to overthrow was torturing people and all kinds of other nasty stuff? Yeah it was the US running countless secret torture camps around the world, and still do. Say didn't some US SINators get satellite phones recently just incase? Well looks like we have a new whipping country when this just incase is activated. Remember US is the one who does something and points finger at others, like the fat bully that farted in class and accuses everyone else in the hopes of diverting attention from it self.

+8 # This one makes sense — WAFiddleFarmer 2023-05-24 19:52

China, with its highly regimented society has issues with creativity. They are always trying to steal our ideas. This is nothing new. This is why they send all their students that they want as spies to our universities.

+1 # Curious if you’ll be posting HTRS comment — 389rivka@gmail.com 2023-05-24 19:09

Seems this news item is dead center in your wheelhouse, Hal. Maybe on tonight’s broadcast….

+3 # RE: ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA — The Deplorable Renegade 2023-05-24 18:48

That's just like those chicom scumbags. No surprises here.

+6 # That's Not The Only Thing China is Doing. — Garyhines 2023-05-24 18:23

China's military is now simulating Attacks on U.S. Carrier Fleets . The United States would allow certain fleets to be blown up . This the beginning stages for the take down of the U.S. What Could Possibly go wrong at this point in time .

+11 # MICROSOFT .....hmmmm ....where have we heard that name ? ? — NHydg 2023-05-24 18:11

Oh yah ......that DEMON POSSESSED Bastard Bill Gates and CO. ....... WELL is it ANY wonder ...... Bill Gates is so tight with the Chinks that his eyes are starting to go slanted ....... AND HIS chinese buddies are tearing apart Microsoft ? ?....... hmmmmm What a shame ....uh ....SHAM

IF one is running Microsoft software .... YOU are OWNED by Microsoft ........

+1 # Hooyah — supporttheblue 2023-05-24 22:24

+4 # Microsoft....hmmmm..where have we heard that name?? — Lexie 2023-05-24 19:21

Although he has nothing to do with Microsoft have you ever looked at Biden and thought how much he looks Chinese apart from his old white skin?

+3 # .......hmmmm — Jdr211971 2023-05-24 19:52

Which Biden is that one I wonder. There's definitely more than one.

+4 # Cocane Mitch — MountainMan 2023-05-24 19:07

Don't forget "cocane" Mitch McConnell either.

+1 # Got that right — unixguru24 2023-05-24 18:20

OpenBSD all the way. Or Solaris, but older and minus the GUI. Windows is like Swiss cheese

Refresh comments list
RSS feed for comments to this post

JComments

by sur.ly

100% Trusted Informational Platform Website 2021

Translate

World

ALERT ISSUED: China CCP Attacking Communications Infrastructure in USA

Comments

About