Posted on 05/24/2023 1:17:52 PM PDT by McGruff
Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.
Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. Observed behavior suggests that the threat actor intends to perform espionage and maintain access without being detected for as long as possible.
(Excerpt) Read more at breaking911.com ...
Alas, security that depends on the expertise, diligence and loyalty of humans is bound to fail.
>>Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to investigate Volt Typhoon’s methods for gaining access to these devices.
>>The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials.
>>Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers). Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet. Owners of network edge devices should ensure that management interfaces are not exposed to the public internet in order to reduce their attack surface. By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.
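The quoted paragraphs describe a device service account whose stolen credentials are then used to authenticate to other machines on the network. One detection approach for that pattern, written here as an added example (not Microsoft's code and not from the thread), is to flag any account that performs network logons to many distinct hosts within a short window. The log lines are constructed for the example; real data would come from Windows Security event 4624 records collected by a SIEM, and the field layout, the account name `svc-fortigate` and the thresholds are all assumptions.

```python
"""Flag an account authenticating to many distinct hosts in a short window.

Added detection example, not from the Microsoft report or the thread.
The log lines below are constructed for the demo; the line format is an
assumption about how a collector might flatten event 4624 records.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one device service account fans out to six hosts in
# under a minute, while a normal user touches a single file server.
SAMPLE_LOG = """\
2023-05-20T02:11:05Z host=FS01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T02:11:09Z host=FS02 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T02:11:14Z host=DC01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T02:11:20Z host=SQL01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T02:11:27Z host=WEB01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T02:11:31Z host=APP01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
2023-05-20T09:15:00Z host=FS01 event=4624 logon_type=3 user=alice src=10.0.9.22
2023-05-20T09:16:10Z host=FS01 event=4624 logon_type=2 user=alice src=10.0.9.22
2023-05-20T14:02:00Z host=DC01 event=4624 logon_type=3 user=svc-fortigate src=10.0.5.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"logon_type=(?P<ltype>\d+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Turn the flattened log text into a list of event dicts; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        d["event"] = int(d["event"])
        d["ltype"] = int(d["ltype"])
        events.append(d)
    return events


def find_fan_out(events, window=timedelta(minutes=10), min_hosts=5):
    """Return {user: hosts} for accounts with successful network logons
    (event 4624, logon type 3) to at least min_hosts distinct hosts inside
    any sliding time window of the given length."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == 4624 and e["ltype"] == 3:
            by_user[e["user"]].append((e["ts"], e["host"]))

    alerts = {}
    for user, logons in by_user.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # shrink the window from the left until it spans <= `window`
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {h for _, h in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[user] = alerts.get(user, set()) | hosts
    return alerts


if __name__ == "__main__":
    for user, hosts in find_fan_out(parse(SAMPLE_LOG)).items():
        print(f"ALERT: {user} reached {len(hosts)} hosts: {sorted(hosts)}")
```

The thresholds (five hosts in ten minutes) are starting points, not tuned values; service accounts that legitimately sweep the estate (backup, monitoring) need an allow-list, and the interesting signal is a device account that normally talks to one or two hosts suddenly reaching many.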
This will be a never-ending struggle for us as well as them. For everyone.
I’m glad they caught this, but rest assured there is a lot more out there, every day, every hour, every minute.
And we are spying on them, and are trying to infiltrate, skew, mess up and dominate in cyberspace, just like everywhere else, as is everyone else.
And I even think it is justified, as they think the same.
Every system connected is a potential access point for all of this. However, the good and profit we get from these connected systems also has its weakness.
Be ever vigilant.
It isn’t espionage if the President of the USA works for you and is paid handsomely for the information.
China is not a COMPETITOR; they are the ENEMY.
They are getting ready for the invasion of Taiwan.
But keep using TikTok, morons.
Maybe they can improve Windows 11...
There are tens of thousands of Chinese students at American Universities. Pretty much all are spying for the CCP in some capacity.
Which begs the question, how much of the COVID fraud $$ went to ChyNa? Unemployment Insurance, Payroll Protection, Shared Work et al? Asking for the Taxpayers.
They are just being competitive. C’mon man.
Related to the balloon flyover that Biden just brushes off.
Don’t we have nuclear “deterrent” on Guam?
Ironically, that was the slogan of my old unit, ASA--the US Army Security Agency--which was disbanded by the "geniuses" in the Pentagon.
Maybe for theory Taiwan attack
I expect to hear more and more egregious acts about China. They need us primed and accepting of their moves towards China. I hardly expect this administration to go to congress for ‘permission’ tho.
If I have this [marginally / mostly] right, in my own manner of trying to make the info simple . . .
Because some computer users choose weak passwords (and weak username and password combinations), and because network protection is weak for some networks that do not take precautions that would block external attacks . . .
A malicious hacker can take advantage of the weaknesses and succeed at gathering from a relatively exposed Windows OS computer, the username and password combination (credentials) of an account for, and access to, an Internet server of interest.
Then, the hacker proceeds to:
- collect other credentials (including digital certificates and cookies)
- collect the hash data for username and password combinations
- plant a (domain control media) script by which to assist with future access
Later and off-site, the hacker, with software that uses the stolen hash data and other credentials . . . is able to determine at least some additional username and password combinations.
The details:
Suggestions:
Choose strong passwords. Bare minimum of 14 characters, but longer are much preferred.
Use a unique password for each account.
Use a unique username for each account.
If the account requires an e-mail address for the username, then create a unique alias e-mail address (see instructions at your e-mail host).
Require a strong username and strong password for administrative access to any network router, modem, DNS server, and DHCP server.
And, require a strong username and strong password for administrative access to any network switch.
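The suggestions above (a 14-character minimum, a unique password per account, a unique username per account, and strong credentials on every router, switch, DNS and DHCP server) can be checked mechanically against a credential inventory. The script below is an added example, not from the post; the inventory is constructed for the demo, and in practice it would be pulled from a password manager export rather than kept as plaintext on disk.

```python
"""Audit a credential inventory against the hygiene suggestions above.

Added example, not from the post. INVENTORY is constructed for the demo.
"""
import hashlib
from collections import defaultdict

MIN_LENGTH = 14  # the post's bare minimum

# Constructed inventory: (system, username, password)
INVENTORY = [
    ("router-admin", "admin",       "Summer2023!"),
    ("switch-admin", "admin",       "Summer2023!"),
    ("dns-server",   "ops-dns",     "correct horse battery staple 42"),
    ("dhcp-server",  "ops-dhcp",    "correct horse battery staple 42"),
    ("mail",         "jane.alias1", "x7#Kq!mP2vL9$wRt"),
]


def audit(inventory, min_length=MIN_LENGTH):
    """Return a list of human-readable findings: short passwords, passwords
    shared between accounts, and usernames shared between systems."""
    findings = []
    by_password = defaultdict(list)  # fingerprint -> accounts sharing it
    by_username = defaultdict(list)  # username -> systems using it

    for system, user, password in inventory:
        if len(password) < min_length:
            findings.append(
                f"{system}/{user}: password shorter than {min_length} characters"
            )
        # group by a hash fingerprint so the report never carries plaintext
        fingerprint = hashlib.sha256(password.encode()).hexdigest()[:12]
        by_password[fingerprint].append(f"{system}/{user}")
        by_username[user].append(system)

    for accounts in by_password.values():
        if len(accounts) > 1:
            findings.append("password reused across: " + ", ".join(accounts))
    for user, systems in by_username.items():
        if len(systems) > 1:
            findings.append(
                f"username '{user}' reused across: " + ", ".join(systems)
            )
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print("FINDING:", finding)
```

Length and uniqueness are the only properties the post asks for, so that is all the audit checks; it deliberately reports hash prefixes grouped together rather than the passwords themselves, so the output can be shared with whoever owns the router or switch without leaking the secret.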
They own the president. Why bother hacking anything?
All right, calm down people. I have it on good authority (Pres. Biden) that the Chinese are good people and the real threat is White Supremacists.
Yeah, I dig it. You all go on with your small talk.