Microsoft has identified a Chinese cyberespionage group known as Volt Typhoon, which has been conducting targeted attacks on critical infrastructure organizations across the United States, including Guam, since mid-2021. <\/p>\n\n\n\n

The group’s activities span various sectors, such as government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education. <\/p>\n\n\n\n

Microsoft’s Threat Intelligence team believes that Volt Typhoon aims to develop capabilities that could disrupt vital communications infrastructure between the United States and Asia during future crises.<\/p>\n\n\n\n

Who is Volt Typhoon and what are their targets? <\/strong><\/h2>\n\n\n\n

Volt Typhoon <\/strong>is a Chinese cyberespionage group identified by Microsoft. They have been targeting critical infrastructure organizations in the United States, including Guam, since mid-2021. <\/p>\n\n\n\n

Their targets encompass sectors like government, maritime, communications, manufacturing, information technology, utilities, transportation, construction, and education.<\/p>\n\n\n\n

What is the objective of the Volt Typhoon campaign? <\/strong><\/h2>\n\n\n\n

The Volt Typhoon campaign, according to Microsoft’s assessment, aims to develop capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.<\/p>\n\n\n\n

How does Volt Typhoon gain access to targeted networks? <\/strong><\/h2>\n\n\n\n

Volt Typhoon initially compromises Internet-exposed Fortinet FortiGuard devices by exploiting an undisclosed zero-day vulnerability. <\/p>\n\n\n\n

Once inside the networks, they employ “living-off-the-land” tactics, utilizing hands-on-keyboard activity and living-off-the-land binaries (LOLBins), such as PowerShell, Certutil, Netsh, and the Windows Management Instrumentation Command-line (WMIC).<\/p>\n\n\n\n