Chinese State Hacker 'Volt Typhoon' Targets Guam and US
A Chinese state hacker, dubbed "Volt Typhoon" by Microsoft, has targeted critical infrastructure in Guam and the United States, likely for cyberespionage and maintaining long-term access. The threat actor has been active since mid-2021 and has targeted sectors such as communications, information technology, and government agencies. Volt Typhoon gains initial access through internet-facing Fortinet FortiGuard devices and extracts credentials to an Active Directory account used by the device. Once inside a network, the threat actor proxies internet traffic through compromised small-office or home-office routers to make detection harder. Microsoft and the Five Eyes intelligence-sharing alliance advise router owners to ensure management interfaces are not exposed to the public internet and provide detection signatures to aid network defenders.

Malware: VoltTyphoon

CVEs: CVE-2021-40539, CVE-2021-27860

[View Article](https://www.bankinfosecurity.com/chinese-state-hackers-volt-typhoon-target-guam-us-a-22158)