Five Eyes alliance

International Cybersecurity Authorities Issue Joint Advisory on China-Backed Cyber Actor Volt Typhoon

Cybersecurity authorities from the Five Eyes intelligence alliance have issued a joint cybersecurity advisory to warn information technology professionals and organization managers on the primary tactics, techniques and procedures of China-based state-sponsored cyber actor Volt Typhoon that are typically focused on espionage and information gathering. The authorities have recently discovered a cluster of activities of interest associated with the cyber actor focused on credential access and network system discovery aimed at critical infrastructure organizations in the U.S., which could also disrupt critical communications infrastructure between the U.S. and the Asian region, the Cybersecurity and Infrastructure Security Agency said.

Volt Typhoon has been active since mid-2021 and has employed living-off-the-land techniques, which use built-in network administration tools such as wmic, ntdsutil, netsh and PowerShell to achieve bjectives while evading detection by blending in with normal Windows system and network activities, avoiding endpoint detection and response products.