Microsoft on Wednesday issued a warning about a Chinese state-sponsored cyber actor, Volt Typhoon, which is allegedly using stealthy techniques to target critical infrastructure and gather information in the United States, APA reports, citing Sputnik.
"Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering," Microsoft said in a blog post.
Microsoft pointed out that it is moderately confident that Volt Typhoon is developing capabilities that could potentially disrupt critical communications infrastructure between the United States and Asia during a crisis.
The actor has allegedly been active since the middle of 2021 and has targeted infrastructure organizations in Guam and in the United States in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors, according to the warning.
In parallel with Microsoft’s warning, a range of United States agencies, including the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation, as well as international cybersecurity partners, issued a joint cybersecurity advisory on the discovery.
The advisory notes that the actor evades detection through its living-off-the-land tactic, which uses built-in network administration tools. This lets its activity blend in with regular Windows system and network activity and avoids the alerts that the installation of third-party applications would otherwise trigger.