China state-sponsored actor carries out 'attack' on US critical infrastructure, Microsoft says

Microsoft says that Volt Typhoon is a state-sponsored actor of the PRC

China state-sponsored cyber actor Volt Typhoon is targeting critical infrastructure organizations in the U.S., according to Microsoft.

hacker ransomware attack

Microsoft warned Wednesday that Volt Typhoon, a cyber actor linked to the People's Republic of China, is targeting critical infrastructure organizations in the U.S. (iStock / iStock)

Microsoft said in a Wednesday post that the company has "uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States."

SUSPECTED CHINA-BASED FENTANYL SUPPLIERS RAKING IN TENS OF MILLIONS IN CRYPTO, ANALYSIS SHOWS

"The attack is carried out by Volt Typhoon," Microsoft said. Volt Typhoon is a Chinese state-sponsored actor that focuses on "espionage and information gathering."

CLICK HERE TO GET THE FOX NEWS APP

Signage outside the Microsoft campus

Microsoft reported Wednesday that it detected China state-sponsored cyber actor Volt Typhoon is targeting American critical infrastructure organizations. (David Paul Morris/Bloomberg via Getty Images / Getty Images)

Ticker Security Last Change Change %
MSFT MICROSOFT CORP. 417.00 +4.13 +1.00%

"Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises," the statement reads.

CHINA SLAPS RESTRICTIONS ON US COMPANY OVER ‘NATIONAL SECURITY’ RISKS AS CHIP WAR ESCALATES

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) and international cybersecurity authorities issued a joint Cybersecurity Advisory (CSA) warning the agencies believe Volt Typhoon, which they noted is associated with the People's Republic of China, "could apply the same techniques" against infrastructure networks across the U.S. and "other sectors worldwide."

Chinese flag on computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) acknowledged it is aware of Volt Typhoon's activities threatening U.S. critical infrastructure organizations and issued warning along with international cybersecurity authorities. (Jakub Porzycki/NurPhoto via Getty Images / Getty Images)

The CSA explained Volt Typhoon's primary tactics, techniques and procedures (TTPs) is "living off the land," which allows it to avoid detection by using built-in network administration tools to blend in with normal Windows systems and fly under the radar of third-party endpoint detection and response products.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

The agencies recommend organizations take steps to tighten up their cybersecurity in light of the threat, such as hardening domain controllers, monitoring event logs, limiting port proxy usage, investigating any unusual IP addresses and reviewing firewall configurations.