[[{“value”:”
VOLTZITE, a designated threat group, has been discovered by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which overlaps with the Volt Typhoon threat group.
This particular threat actor has been targeting since early 2023 and specifically targets emergency management services, telecommunications, satellite services, and the defense industrial base.
Moreover, this particular threat group also uses Living off the Land (LOTL) techniques and native tools available on compromised assets. Additionally, VOLTZITE also performs slow and steady reconnaissance to evade detections for a long time.
Document
Live Account Takeover Attack Simulation
How do Hackers Bypass 2FA?
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks
.
Technical Analysis
According to the reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP for Command and control communications.
The threat actor utilizes stolen credentials and compromises SOHO (Small Office and Home Office) networking equipment to facilitate lateral movement.
Their activity has been observed since early 2023, but there are speculations that the threat group existed since 2021. As of Early 2023, the threat group was discovered to be related to an incident that involved the US Territory of Guam compromise.
Other notable activities were in June 2023 (United States emergency management organization) and January 2024 (US telecommunication provider’s external network gateways and a large US city’s emergency services GIS network).
In December 2023, the VOLTZITE was discovered to be involved in exploiting ICS VPN zero-day vulnerabilities alongside the other threat group UTA0178. Some of the applications the threat group exploited are as follows
Fortinet Fortiguard
PRTG Network Monitor Appliances
ManageEngine ADSelfService Plus
FatePipe WARP
Ivanti Connect Secure VPN
Cisco ASA
As for the LOTL techniques, the threat group uses several Windows tools which are
Certutil
dnscmd
Ldifde
Makecab
net user/group/use
netsh
nltest
ntdsutil
PowerShell
reg query/save
systeminfo
tasklist
wevtutil
wmic
xcopy
Dragos has published a complete report providing detailed information about this threat group, exfiltration methods, Lateral movement, and others.
The post Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023 appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
