Microsoft says China installed malware in US systems in Guam

Custom tools help them set up a command and control channel through a proxy that keeps their info secret

China may have conducted digital espionage against the US’ Pacific interests. Microsoft and the National Security Agency (NSA) have revealed that an alleged state-sponsored Chinese hacking group, Volt Typhoon, installed surveillance malware in “critical” systems on the island of Guam and elsewhere in the US.

The group has been operating since mid-2021 and reportedly compromised government organizations as well as communications, manufacturing, education and other sectors.

Volt Typhoon prioritizes stealth, according to the investigators. It uses “living off the land” techniques that rely on resources already present in the operating system, as well as direct “hands-on-keyboard” action.

They use the command line to scrape credentials and other data, archive the info and use it to stay in targeted systems.

They also try to mask their activity by sending data traffic through small and home office network hardware they control, such as routers.

Custom tools help them set up a command and control channel through a proxy that keeps their info secret.

The malware hasn’t been used for attacks, but the web shell-based approach could be used to damage infrastructure. Microsoft and the NSA are publishing info that could help potential victims detect and remove Volt Typhoon’s work, but they warn that fending off intrusions could be “challenging” as it requires either closing or changing affected accounts.

Source : protothema.gr