Cyber Advisory: Volt Typhoon

August 16, 2023 - Arkansas Cybersecurity Advisory

Cyber Advisory on Volt Typhoon

In the last few months, a stealthy and targeted malicious cyber campaign has targeted critical infrastructure organizations within the United States, posing a threat to both private and public sectors. The attackers, known as Volt Typhoon, which is an Advanced Persistent Threat (APT) group state-sponsored by China’s People's Liberation Army, demonstrate a proficiency in blending their activities with regular network traffic, making detection challenging. This attack method is referred to as "living-off-the-land" (LotL), leveraging existing network and administrative tools for their objectives. Volt Typhoon's reach has extended to critical infrastructure, military operations, and a wide array of public and private sectors. To safeguard against further risk, Forge Institute recommends implementing mitigation and protection strategies. Adhering to industry-standard best practices for countering LotL techniques is the recommended course of action to effectively mitigate this threat. For technical details, please review the joint agency advisory. 

References:

• microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/ 

• https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a