The newly discovered Chinese nation-state actor known as Volt Typhoon has been observed to be active in the wild since at least mid-2020, with the hacking crew linked to never-before-seen tradecraft to retain remote access to targets of interest.
The findings come from CrowdStrike, which is tracking the adversary under the name Vanguard Panda.
“The adversary consistently employed ManageEngine Self-service Plus exploits to gain initial access, followed by custom web shells for persistent access, and living-off-the-land (LotL) techniques for lateral movement,” the cybersecurity company said.
Volt Typhoon, also known as Bronze Silhouette, is a cyber espionage group from China that’s been linked to network intrusion operations against the U.S. government, defense, and other critical infrastructure organizations.
An analysis of the group’s modus operandi has revealed its emphasis on operational security, carefully using an extensive set of open-source tools against a limited number of victims to carry out long-term malicious acts.