Volt Typhoon: Microsoft says China-Sponsored Hacking Group Targeting Critical U.S. Infrastructure
Microsoft advised that compromised accounts should be closed or their credentials should be changed.
Tech giant Microsoft has said that it has uncovered "stealthy and targeted malicious activity" focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.
In a blog post on Wednesday, Microsoft alleged that the attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering.
According to Microsoft, Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
The company said that Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.
"In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors," Microsoft said.
Volt Typhoon behaviour suggests that they intend to perform espionage and maintain access without being detected for as long as possible.
Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices, Microsoft said.
In its detailed report, the tech company advised that compromised accounts should be closed or their credentials should be changed.
"Mitigate the risk of compromised valid accounts by enforcing strong multi-factor authentication (MFA) policies using hardware security keys or Microsoft Authenticator," Microsoft said.
Passwordless sign-in, password expiration rules, and deactivating unused accounts can also help mitigate risk from this access method, it added.
