National Cyber Warfare Foundation (NCWF)

Volt Typhoon


2024-06-18 15:21:36
blscott



MITRE: G1017

Volt Typhoon is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021. Volt Typhoon typically focuses on espionage and information gathering and has targeted critical infrastructure organizations in the US, including Guam. Volt Typhoon has emphasized stealth in its operations, using web shells, living-off-the-land (LOTL) binaries, hands-on-keyboard activities, and stolen credentials.



Volt Typhoon is an advanced persistent threat (APT) that has been active since at least 2013, targeting organizations in various industries including government agencies and military entities. It uses a variety of tactics to gain access to its targets' networks, such as spear-phishing emails or exploiting vulnerabilities in software. Once inside the network, Volt Typhoon can steal sensitive information, install additional malware, and maintain persistence on the system for extended periods of time. It is considered a highly sophisticated threat that requires advanced detection techniques to identify its presence within an organization's systems.

Techniques, tactics and practices:

Volt Typhoon uses a variety of techniques to gain access to its targets' networks, including spear-phishing emails that appear legitimate but contain malicious attachments or links. It also exploits vulnerabilities in software such as Adobe Flash Player and Microsoft Office to install additional malware on the system. Once inside the network, Volt Typhoon can steal sensitive information, such as login credentials for other systems within the organization, and maintain persistence on the system for extended periods of time using techniques like rootkit installation or registry modification. It is considered a highly sophisticated threat that requires advanced detection techniques to identify its presence within an organization's systems.


Alternate Group Names
BRONZE SILHOUETTE
Dev-0391
Insidious Taurus
Storm-0391
UNC3236
VANGUARD PANDA
VOLTZITE

Alternative Names
VANGUARD PANDA
BRONZE SILHOUETTE
Redfly





a.k.a
Storm-0391
Insidious Taurus
UNC3236
Dev-0391
BRONZE SILHOUETTE
G1017
 






