What is Volt Typhoon?

The United States government recently shut down a major China-backed hacking group dubbed "Volt Typhoon" that attacked hundreds of routers and had been working to compromise U.S. cyber infrastructure.

About Volt Typhoon

  • It is a state-sponsored hacking group based in China that has been active since at least 2021. 
  • The group typically focuses on espionage and information gathering. 
  • It has targeted critical infrastructure organizations in the US, including Guam. 
  • To achieve their objective, the threat actor puts strong emphasis on stealth, relying almost exclusively on living-off-the-land techniques and hands-on-keyboard activity. 
  • The recurring attack pattern of Volt Typhoon begins with initial access via exploitation of public-facing devices or services.
  • Volt Typhoon employs the comparatively uncommon practice of leveraging preinstalled utilities for most of their victim interactions.
  • Compromised small office/home office (SOHO) devices are used by the attackers to proxy communications to and from the affected networks.
  • They issue commands via the command line to (1) collect data, including credentials from local and network systems; (2) put the data into an archive file to stage it for exfiltration; and then (3) use the stolen valid credentials to maintain persistence.
  • Volt Typhoon was a particularly quiet operator that hid its traffic by routing it through hacked network equipment, like home routers, and carefully expunging evidence of intrusions from the victim’s logs.
  • This combination of behaviors makes detection especially difficult, as defenders must be able to differentiate between attacker activities and those of power users or administrative staff. 
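As an added illustration of the detection problem described above (this is not code from the original post), a small correlator over constructed command-line audit lines: any single native-utility command is routine admin work, so it flags an account only when several stages of the pattern (credential-store access, archive staging, log clearing) occur for one user on one host within a short window. The stage keywords, the log format and the sample lines are all assumptions constructed for this example.

```python
"""Toy behavioural correlator for living-off-the-land activity (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed stage keywords: illustrative only, not a vendor rule set.
STAGE_KEYWORDS = {
    "credential_access": ("hklm\\sam", "ntds.dit", "/etc/shadow"),
    "archive_staging": ("tar -c", "7z a ", "compress-archive", "makecab"),
    "log_clearing": ("wevtutil cl", "clear-eventlog", "rm -rf /var/log"),
}

# Assumed audit-line format: "<iso timestamp> host=<h> user=<u> cmd=<command line>"
LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# Constructed sample log: one backup job, one help-desk log clear, one suspicious chain.
SAMPLE_LOG = """\
2024-01-31T09:55:02 host=fs01 user=backupsvc cmd=tar -czf /backup/nightly.tgz /srv/share
2024-01-31T10:02:11 host=dc01 user=jdoe cmd=reg save hklm\\sam C:\\Windows\\Temp\\s.bak
2024-01-31T10:05:40 host=dc01 user=jdoe cmd=makecab C:\\Windows\\Temp\\s.bak C:\\Windows\\Temp\\s.cab
2024-01-31T10:09:03 host=dc01 user=jdoe cmd=wevtutil cl Security
2024-01-31T14:30:00 host=ws07 user=helpdesk cmd=wevtutil cl Application
""".splitlines()


def parse_line(line):
    """Parse one audit line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "user": m["user"], "cmd": m["cmd"]}


def classify(cmd):
    """Return the set of stages a command line matches (usually empty)."""
    low = cmd.lower()
    return {stage for stage, kws in STAGE_KEYWORDS.items() if any(k in low for k in kws)}


def correlate(lines, window=timedelta(minutes=30), min_stages=2):
    """Map (host, user) -> sorted stage names for actors hitting >= min_stages
    distinct stages inside `window`; a lone stage is treated as benign."""
    staged = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            for stage in classify(ev["cmd"]):
                staged[(ev["host"], ev["user"])].append((ev["ts"], stage))
    hits = {}
    for actor, events in staged.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # slide the window from each event
            stages = {s for t, s in events[i:] if t - t0 <= window}
            if len(stages) >= min_stages:
                hits[actor] = sorted(stages)
                break
    return hits
```

Running `correlate(SAMPLE_LOG)` flags only `dc01`/`jdoe`, whose three commands hit all three stages within seven minutes, while the nightly backup and the help-desk log clear each match a single stage and stay below the threshold.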

Q1) What is a router?

A router is a physical or virtual appliance that passes information between two or more packet-switched computer networks. A router inspects a given data packet's destination IP address, calculates the best way for it to reach its destination and then forwards it accordingly.

Source: FBI shuts down China’s ‘Volt Typhoon’ hackers targeting U.S. infrastructure