Tech

Microsoft & NSA expose Chinese-sponsored Volt Typhoon hacking group

Joel Loynds
microsoft logo above a thunderstorm as a security expert sits flummoxed at a hackPexels/Firefly AI/Microsoft

A hacker group named Volt Typhoon has been exposed by the NSA and Microsoft, as they issue a new cybersecurity warning around its actions online.

Microsoft and the NSA have published a security bulletin detailing how a hacking group, Volt Typhoon, managed to work its way into “critical infrastructure organizations in the United States”. Outside of the concern surrounding the hacks, Microsoft has stated that they are “a state-sponsored actor based in China”.

Volt Typhoon have been active since 2021, having struck Guam and the United States previously. Previous attacks have seen everything from transportation, construction, and education sectors of the US’ infrastructure attacked since they appeared on the scene.

Microsoft details hacking group’s techniques for hitting infrastructure

Microsoft logo next to a statue of AthenaMicrosoft / Pexels

The theorized idea behind the hack attempts appears to be the disruption of “critical communications infrastructure”. If a crisis were to occur in the future, could potentially put communication in jeopardy between the US and Asia.

A key point of entry that Microsoft has pinpointed as an issue is Fortinet FortiGuard devices. These devices are vital parts of security on networks in industries. Once Volt Typhoon has harvested credentials, it blasts the network trying to find a way into the network through SOHO (small home and home office) network devices, like home routers.

Once it has found access to the network, Microsoft says that Volt Typhoon can “expose HTTP or SSH management interfaces to the internet”. Breaking that down, it just allows external users to issue commands as if they were on the PC. Of course, the user themselves can prevent this, and have been advised to close off access.

An interesting thing to note about Volt Typhoon’s activity is that Microsoft says they rarely use malware in their attacks. Instead, once they’ve gained enough access, they use anything from basic to advanced command line instructions repeatedly until they find an attack vector through the system to access whatever they want.

Data is bundled up and extracted, leaving no footprint for users who don’t know what to look for. According to the report, this method of hacking reduces the need for overhead costs or adding more hardware to their setup.

About The Author

Joel Loynds

E-Commerce Editor. You can get in touch with him over email: joel.loynds@dexerto.com. He's written extensively about video games and tech for over a decade for various sites. Previously seen on Scan, WePC, PCGuide, Eurogamer, Digital Foundry and Metro.co.uk. A deep love for old tech, bad games and even jankier MTG decks.

keep reading
Google Play edition
Tech
Now is the perfect time for Google to bring back Play edition phones
Jitendra Soni
Discord promotional splash art
Tech
Discord is allegedly assigning gender to users with machine learning AI
Anurag Singh
Rumble logo and Google
Tech
YouTube rival Rumble sues “evil” Google for $1 billion in damages
Meera Jacka
Meta Quest 3 travel mode
Tech
Meta Quest 3 headsets now used by Airline for VR in-flight entertainment
Rebecca Hills-Duty

Subscribe to our newsletter for the latest updates on Esports, Gaming and more.