The employment of hackers to gather intelligence data is prevalent in practically every nation on earth. Intelligence organisations like the Fancy Bear and Equation Group are used by both the US and Russia.
Microsoft Corp. stated last week that Volt Typhon was "pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises." Concern over the relationship between China and the US on Taiwan immediately arose after this statement. Pacific-wide cyberattacks may result from disputes between the US and China.
What precisely is a Volt Typhoon?
A suspected hacker organisation goes by the name of "Volt Typhoon." The gang is thought to have China's support. The Volt Typhoon is reported to be capable of both digital sabotage and intelligence gathering.
Is the Volt Typhoon a genuine threat to the infrastructure of the United States, or is it merely a new network of digital spies?
Potential threats
The American infrastructure is thought to be seriously threatened by the Volt Typhoon. The following are potential risks to the group:
Espionage concerns: Spying is a concern for experts. In the midst of tensions over Taiwan, experts believe Volt Typhoon is a group of hackers ready to attack the American infrastructure.
The assessment of Microsoft is given a "moderate confidence" rating, which denotes that the idea is plausible and backed by reliable sources but is not yet fully supported. Few experts believe there is any proof of sabotage planning, despite the fact that many researchers have discovered and evaluated the group's many elements.
According to Marc Burnard and Secureworks, the Volt Typhoon currently appears to be designed to steal data from organisations that hold information about the U.S. government or military.
Volt Typhoon is known as the "Bronze Silhouette" by Secureworks, and according to Marc Burnard, its primary function is espionage.
Sneaky storm: Almost all cyber spies try to hide their tracks; Microsoft and other analysts believe Volt Typhoon was a quiet operator who camouflaged its activity by passing it through hijacked network equipment such as residential routers. These are well-planned wiped proof of intrusion from the victim's logs.
China, on the other hand, has consistently denied any involvement in the Volt Typhoon cyberattack. However, Beijing has been preparing documentation of cyberespionage efforts for more than two decades. Spying has become a major emphasis in the recent decade, since Western experts have linked breaches to specific units of the People's Liberation Army. US law enforcement has indicted a slew of Chinese operatives with eavesdropping on US secrets.
According to Secureworks in a blog post, the Volt Typhoon's interest in operational security may stem from the US claims, as well as increased pressure from Chinese leaders to refrain from scrutinising cyberespionage acts.
Mitigation tips
In line with Microsoft's research on Volt Typhoon, spotting an activity that exploits standard sign-in channels and system binaries necessitates behavioural monitoring, and remediation necessitates shutting or resetting credentials for compromised accounts. In these circumstances, Microsoft recommends that security operations teams investigate the activities of compromised accounts for any dangerous actions or exposed data.
