Microsoft detected Chinese state-backed hackers deploying cyberespionage malware in Guam. The small U.S. territory hosts a large military presence and is key to U.S. strategic depth in the Pacific. Microsoft dubbed the operation Volt Typhoon and observed post-compromise attempts at credential access and network system discovery.
Microsoft released a statement accusing a Chinese APT of pursuing capabilities to disrupt communications between the mainland U.S. and Asia in the event of future military action. The group gains access to target companies through internet-facing FortiGuard devices and, to obfuscate the source of its activity, routes its traffic through compromised small office/home office (SOHO) routers. Microsoft urged users of network edge devices to keep management interfaces hidden from the public internet. Mandiant analysts also recognized the APT from various past attacks targeting air, sea, and land transportation organizations. The analysts reaffirmed that China seeks to establish long-lasting, stealthy intrusions into critical infrastructure in the event of future conflict.