Agencies Warn of State-Sponsored Volt Typhoon’s Hacking Tactics

In collaboration with international and private sector partners, CISA released a new advisory warning network defenders of PRC-linked Volt Typhoon’s infiltration tactics. 

Federal agencies added another state-sponsored cyber threat to the growing catalog of digital dangers on Thursday, naming Volt Typhoon as a malicious cyber actor with ties to the Chinese government in a new multi-agency advisory. 

Issued by the Cybersecurity and Infrastructure Security Agency, the National Security Agency  and the Federal Bureau of Investigation alongside international security organizations based in Australia, New Zealand, Canada, and the United Kingdom––a collective known as the Five Eyes––the notice discusses Volt Typhoon’s signature techniques and attack patterns.

Among its defining traits are infiltrating private networks by blending in with normal Windows system activities to avoid detection. Built-in tools this actor often utilizes include wmic, ntdsutil, netsh and PowerShell—code first identified by Microsoft as the company warned of Volt ...