Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023
VOLTZITE, a designated threat group that overlaps with the Volt Typhoon threat group, has been identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
This threat actor has been active since early 2023 and particularly targets emergency management organizations, telecommunications, satellite services, and the defense industrial base.
The group relies on Living off the Land (LOTL) techniques and native tools already available on compromised systems. VOLTZITE also performs slow, steady reconnaissance so that it can evade detection for an extended period.
Technical Analysis
According to the reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP (Fast Reverse Proxy) for command and control (C2) communications.
The threat actor uses stolen credentials and compromises SOHO (Small Office and Home Office) networking devices to facilitate lateral movement.
Its activity has been observed since early 2023, but there is speculation that the group has existed since 2021. In early 2023, the threat group was found to be linked to an incident involving the compromise of the US Territory of Guam.
Other notable actions occurred in June 2023 (a United States emergency management organization) and January 2024 (a US telecommunications provider's external network gateways and a large US city's emergency services GIS network).
In December 2023, VOLTZITE was found to be involved in exploiting ICS VPN zero-day vulnerabilities alongside another threat group, UTA0178. Among the products the threat group exploited are the following:
- Fortinet FortiGuard
- PRTG Network Monitor Appliance
- ManageEngine ADSelfService Plus
- FatePipe WARP
- Ivanti Connect Secure VPN
- Cisco ASA
As for LOTL techniques, the threat group uses several built-in Windows utilities, including:
- Certutil
- dnscmd
- Ldifde
- Makecab
- net user/group/use
- netsh
- nltest
- ntdsutil
- PowerShell
- reg query/save
- systeminfo
- tasklist
- wevtutil
- wmic
- xcopy
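As an added illustration, not code from the article or from Dragos, the following Python hunt runs over constructed process-creation records (timestamp, host, user, image, command line), flags every execution of the LOTL utilities listed above, escalates a few command-line patterns that are assumed here rather than taken from the article (NTDS export, credential-hive export, event-log clearing), and reports host/user pairs that ran several distinct LOTL binaries, which is the quiet recon-and-collect shape the article describes.

```python
import re
# LOTL binaries from the article's list (image names, lower-case).
VOLTZITE_LOTL = {
    "certutil.exe", "dnscmd.exe", "ldifde.exe", "makecab.exe", "net.exe", "net1.exe",
    "netsh.exe", "nltest.exe", "ntdsutil.exe", "powershell.exe", "reg.exe",
    "systeminfo.exe", "tasklist.exe", "wevtutil.exe", "wmic.exe", "xcopy.exe",
}
# Higher-signal command lines (assumed patterns, not from the article): AD database
# export, credential-hive export and event-log clearing are rare in routine admin work.
HIGH_SIGNAL = [
    ("ntds_export", re.compile(r"ntdsutil.*\bifm\b", re.I)),
    ("hive_export", re.compile(r"\breg(\.exe)?\s+save\s+hklm\\(sam|system|security)\b", re.I)),
    ("log_clear", re.compile(r"\bwevtutil(\.exe)?\s+cl\b", re.I)),
]
def parse_event(line):
    # One constructed process-creation record: ts, host, user, image, cmdline (tab-separated).
    ts, host, user, image, cmdline = line.rstrip("\n").split("\t", 4)
    return {"ts": ts, "host": host, "user": user,
            "image": image.rsplit("\\", 1)[-1].lower(), "cmdline": cmdline}

def tag_event(ev):
    """Tags an event earns; 'lotl_binary' by itself is low signal and is only counted."""
    tags = ["lotl_binary"] if ev["image"] in VOLTZITE_LOTL else []
    tags += [name for name, pat in HIGH_SIGNAL if pat.search(ev["cmdline"])]
    return tags

def hunt(lines, burst_threshold=3):
    """Return (high-signal hits, host/user pairs that ran >= threshold distinct LOTL binaries)."""
    hits, seen = [], {}
    for line in lines:
        ev = parse_event(line)
        tags = tag_event(ev)
        if any(t != "lotl_binary" for t in tags):
            hits.append((ev["host"], ev["user"], ev["cmdline"], tags))
        if "lotl_binary" in tags:
            seen.setdefault((ev["host"], ev["user"]), set()).add(ev["image"])
    bursts = {k: sorted(v) for k, v in seen.items() if len(v) >= burst_threshold}
    return hits, bursts

# Constructed sample telemetry: one benign line, then a quiet recon-and-collect sequence
# by a single account on a domain controller, in the shape the article describes.
SAMPLE_LOG = [
    "2024-01-10T02:14:05Z\tWS01\tCORP\\admin\tC:\\Windows\\System32\\notepad.exe\tnotepad.exe",
    "2024-01-10T02:15:11Z\tDC01\tCORP\\svc_backup\tC:\\Windows\\System32\\systeminfo.exe\tsysteminfo",
    "2024-01-10T02:19:02Z\tDC01\tCORP\\svc_backup\tC:\\Windows\\System32\\ntdsutil.exe\tntdsutil \"ac i ntds\" ifm \"create full C:\\temp\\dump\" q q",
    "2024-01-10T02:20:15Z\tDC01\tCORP\\svc_backup\tC:\\Windows\\System32\\reg.exe\treg save hklm\\sam C:\\temp\\sam.hiv",
    "2024-01-10T02:21:37Z\tDC01\tCORP\\svc_backup\tC:\\Windows\\System32\\wevtutil.exe\twevtutil cl Security",
]
def run_sample():
    return hunt(SAMPLE_LOG)
```

Single LOTL executions are expected noise in any Windows estate; the value is in the command-line escalations and in the same account touching several of these utilities on one host within a short window.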
Dragos has published a full report providing detailed information about this threat group, its exfiltration techniques, lateral movement, and more.
Source credit: cybersecuritynews.com