Microsoft & NSA expose Chinese-sponsored Volt Typhoon hacking group

Joel Loynds

A hacker group named Volt Typhoon has been exposed by the NSA and Microsoft, which have issued a new cybersecurity warning about its online activity.

Microsoft and the NSA have published a security bulletin detailing how a hacking group, Volt Typhoon, managed to work its way into “critical infrastructure organizations in the United States”. Beyond the concern over the intrusions themselves, Microsoft has stated that the group is “a state-sponsored actor based in China”.

Volt Typhoon has been active since 2021 and has previously struck Guam and the United States. Since it appeared on the scene, its attacks have hit US infrastructure sectors ranging from transportation and construction to education.

Microsoft details hacking group’s techniques for hitting infrastructure


The theorized goal behind the intrusions appears to be the disruption of “critical communications infrastructure”. If a crisis were to occur in the future, this access could put communication between the US and Asia in jeopardy.

A key point of entry that Microsoft has pinpointed is Fortinet FortiGuard devices. These devices are a core part of network security in many industries. Once Volt Typhoon has harvested credentials, it probes for a way into the network through SOHO (small office and home office) network devices, such as home routers.

Once it has found a way into the network, Microsoft says that Volt Typhoon can “expose HTTP or SSH management interfaces to the internet”. Put simply, this lets external users issue commands to the device as if they were sitting at it. The owner can prevent this, and owners have been advised to close off that access.

An interesting thing to note about Volt Typhoon’s activity is that Microsoft says the group rarely uses malware in its attacks. Instead, once it has gained enough access, it issues command-line instructions, from basic to advanced, over and over until it finds a path through the system to whatever it is after.

Data is bundled up and exfiltrated, leaving no obvious footprint for users who don’t know what to look for. According to the report, relying on built-in tools rather than malware also reduces the group’s overhead and spares it from adding more hardware to its setup.
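Because this style of intrusion relies on ordinary command-line utilities rather than malware, a signature-based antivirus has little to catch; what a defender can look for instead is an unusual burst of built-in administrative tools being launched on one host. The script below is an added example written for this article, not code from Microsoft, the NSA, or the report. It parses a constructed, simplified process-creation log format (not any vendor's schema), counts launches of a hand-picked set of Windows built-ins per host inside a sliding time window, and flags hosts that cross a threshold. The list of utilities, the log lines, host names and thresholds are all assumptions made for illustration.

```python
"""Burst detector for living-off-the-land command-line activity.

Added example for this article (constructed log format and sample data).
It flags hosts on which built-in administrative utilities are launched
repeatedly within a short window, which is one visible trace of a
hands-on-keyboard intrusion that uses no malware.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Windows built-ins that are legitimate admin tools but also common in
# living-off-the-land activity. Illustrative list chosen for this example,
# not taken from the advisory; tune it to your own environment.
LOTL_BINARIES = {
    "cmd.exe", "powershell.exe", "wmic.exe", "netsh.exe",
    "reg.exe", "ntdsutil.exe", "net.exe", "tasklist.exe",
}

# Constructed line format: <date> <time> host=<name> user=<name>
#   image="<full path>" cmd="<command line>"
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) host=(?P<host>\S+) '
    r'user=(?P<user>\S+) image="(?P<image>[^"]*)" cmd="(?P<cmd>[^"]*)"$'
)

# Constructed sample log, assumed to be in chronological order per host.
SAMPLE_LOGS = [
    r'2024-01-15 09:00:00 host=SRV-03 user=svc image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c whoami"',
    r'2024-01-15 09:00:12 host=WS-01 user=alice image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c dir"',
    r'2024-01-15 09:01:00 host=SRV-02 user=admin image="C:\Windows\System32\cmd.exe" cmd="cmd.exe"',
    r'2024-01-15 09:02:10 host=SRV-02 user=admin image="C:\Windows\System32\net.exe" cmd="net user"',
    r'2024-01-15 09:03:05 host=SRV-02 user=admin image="C:\Windows\System32\tasklist.exe" cmd="tasklist"',
    r'2024-01-15 09:03:40 host=WS-01 user=alice image="C:\Program Files\App\app.exe" cmd="app.exe"',
    r'2024-01-15 09:04:30 host=SRV-02 user=admin image="C:\Windows\System32\netsh.exe" cmd="netsh"',
    r'2024-01-15 09:06:12 host=SRV-02 user=admin image="C:\Windows\System32\wbem\wmic.exe" cmd="wmic"',
    r'2024-01-15 09:08:59 host=SRV-02 user=admin image="C:\Windows\System32\reg.exe" cmd="reg query"',
    r'2024-01-15 09:12:00 host=SRV-03 user=svc image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c whoami"',
    r'2024-01-15 09:24:00 host=SRV-03 user=svc image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c whoami"',
    "this line is malformed and is skipped",
    r'2024-01-15 09:36:00 host=SRV-03 user=svc image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c whoami"',
    r'2024-01-15 09:48:00 host=SRV-03 user=svc image="C:\Windows\System32\cmd.exe" cmd="cmd.exe /c whoami"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    # Keep only the executable name, lower-cased, so paths do not matter.
    rec["image"] = rec["image"].rsplit("\\", 1)[-1].lower()
    return rec


def find_bursts(lines, window=timedelta(minutes=10), threshold=5):
    """Return {host: peak count} for hosts that launched `threshold` or more
    LOTL binaries within any `window`-long span. Lines are assumed to be in
    chronological order for each host."""
    recent = defaultdict(deque)   # host -> timestamps inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["image"] not in LOTL_BINARIES:
            continue
        q = recent[rec["host"]]
        q.append(rec["ts"])
        # Drop timestamps that have slid out of the window.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["host"]] = max(flagged.get(rec["host"], 0), len(q))
    return flagged


if __name__ == "__main__":
    for host, peak in find_bursts(SAMPLE_LOGS).items():
        print(f"{host}: {peak} admin-utility launches within 10 minutes")
```

In the sample data, SRV-02 runs six different built-ins in under eight minutes and is flagged, while SRV-03 runs the same utility five times spread over 48 minutes and is not, because each launch has slid out of the window before the next arrives. The threshold and window are the knobs to tune against your own baseline; a low threshold on a busy administration server will be noisy, and this single heuristic is a starting point for a hunt, not a verdict.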