Peoples Republic Of China State-Sponsored Cyber Actor Living Off The Land To Evade Detection

skywatcg-alert-2

  • ransom-4

    TLP-GREEN


Researchers have discovered a new Chinese-sponsored actor dubbed Volt Typhoon targeting critical infrastructures from United States to obtain sensitive information.

The conducted attacks have been performed to evade detection as long as possible.

To achieve that they have mainly leveraged legit Windows applications also known as living-off-the-land binaries (LOLBins) to perform different tasks such as credential access or information discovery.

Also Volt Typhoon has used well-known open-source tools such as Impacket or Fast Reverse Proxy (FRP) to establish a command and control channel over proxy.

SkyWatchSM Alert Legend

  • small-bell

    Warning

  • active-threat0-lt-green

    Active Threat

  • malware-lt-green

    Malware

  • ransome-lt-green

    Ransomware

  • warning-green

    Phishing

  • file-green

    Network/IOT

Glesec Information Sharing Protocol

GLESEC CYBER SECURITY INCIDENT REPORTS are in compliance with the U.S. Department of Homeland Security (DHS) Traffic-Light Protocol (TLP).

  • TLP-White

    Disclosure is Not Limited.

  • TLP-Green

    Limited Disclosure, Restricted Only to the Community.

  • TLP-Amber

    Limited Disclosure, restricted to the Participant's Organization.

  • TLP-Red

    Not for Disclosure, Restricted/ Classified - Only Shared with US DHS.

Discover Glesec.

Authority. Consistency.

Sign-up today for SkywatchSM Alerts.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.