Microsoft has announced that it has discovered state-sponsored Chinese malware in critical infrastructure organisations in Guam and elsewhere in the United States.
The Redmond technology giant says it traced the attack to a Chinese state-sponsored actor, Volt Typhoon, which has been active since mid-2021 and has targeted organizations in the communications, transportation, construction, maritime, government, information technology, utility, manufacturing and education sectors.
Volt Typhoon used 'Living-Off-the-Land' techniques to execute the attack. These techniques do not require a threat actor to install any code or scripts to take control of the system.
Instead, the attacker uses native tools already present within the system to issue commands manually and run scripts. This makes the activity harder to detect, since no pre-designed code is used to infiltrate the system.
Using these techniques, an attacker can gain control of the command line, collect data, export it and, finally, maintain access to the system through stolen credentials. The attacker is also known to mask their identity using vulnerabilities in small and home office networks.
Microsoft has observed Volt Typhoon "using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar".