Last week, Microsoft warned that Chinese state-backed cybercriminals compromised critical U.S. cyber infrastructure in a variety of industries, including government and communications organizations. In connection with the threat, the countries that make up the Five Eyes intelligence network (USA, Australia, Canada, New Zealand and the UK) announced in a joint statement that they are publishing a guide on cyber security. Its goals include drawing attention to the recently discovered China-sponsored Volt Typhoon group.
China attacks US via routers. Hackers collect information in case of war
Critical infrastructure has been under attack since 2021. People’s Republic of China-sponsored hackers collect information that can be used to “disrupt critical communications” between the US and the Asia-Pacific region in the event of a US-China war.
“Many devices, including those made by ASUS, Cisco, D-Link, NETGEAR and Zyxel, allow the owner to expose HTTP or SSH management interfaces on the Internet,” explain cybersecurity experts at Check Point Research. Volt Typhoon takes a “living off the land” approach. “Instead of using malware, which can be detected by many modern security systems, attackers use built-in network administration tools (…). Such techniques also allow (…) to maintain network persistence. (…) APT groups’ tools enable a second wave of attacks or data theft, even if the organization believes that the threat has been eliminated.”
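The two defensive points in that quote are that management interfaces should not be reachable from the Internet, and that “living off the land” activity leaves no malware to find, so the evidence is in administrative logins that come from unexpected places. The script below is an added example written for this article; it is not code from Check Point Research or from any of the vendors named. It assumes a hypothetical syslog-style line format for SSH and web admin logins (the sample lines are constructed) and a configured list of management subnets from which admin access is expected; any login to the management plane from outside those subnets is flagged for review.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample log lines in a hypothetical syslog-style format.
# They are not taken from any real device; the SSH lines imitate OpenSSH
# wording and the httpd lines are an invented web-admin audit format.
SAMPLE_LOG = """\
May 21 10:02:11 edge-router sshd[412]: Accepted password for admin from 192.168.1.20 port 51234
May 21 10:05:42 edge-router httpd[88]: admin login ok user=admin src=10.0.0.7 ui=web
May 21 11:17:03 edge-router sshd[412]: Accepted password for admin from 203.0.113.45 port 41092
May 21 11:18:19 edge-router httpd[88]: admin login ok user=admin src=198.51.100.9 ui=web
May 21 12:00:00 edge-router sshd[412]: Failed password for root from 203.0.113.45 port 41100
"""

# Assumed management subnets: the only networks from which admin logins are expected.
# An explicit allowlist is used rather than ipaddress.is_private(), because
# "private" is not the same as "our management network", and Python also treats
# documentation ranges such as 203.0.113.0/24 as non-global.
MGMT_NETWORKS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("10.0.0.0/8"),
]

# Only successful logins are of interest here; failed attempts are a separate signal.
SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")
HTTP_RE = re.compile(r"httpd\[\d+\]: admin login ok user=(?P<user>\S+) src=(?P<src>\S+)")


def parse_admin_logins(log_text: str) -> List[Dict[str, str]]:
    """Extract successful SSH and web admin logins as (service, user, src) records."""
    events = []
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        service = "ssh"
        if m is None:
            m = HTTP_RE.search(line)
            service = "http"
        if m is None:
            continue
        events.append({"service": service, "user": m["user"], "src": m["src"], "raw": line})
    return events


def is_allowed_source(addr: str) -> bool:
    """True if the source address lies inside one of the expected management subnets."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MGMT_NETWORKS)


def flag_external_admin_logins(log_text: str) -> List[Dict[str, str]]:
    """Return every successful admin login whose source is outside the management subnets."""
    return [e for e in parse_admin_logins(log_text) if not is_allowed_source(e["src"])]


if __name__ == "__main__":
    for hit in flag_external_admin_logins(SAMPLE_LOG):
        print(f"REVIEW: {hit['service']} admin login by {hit['user']} from {hit['src']}")
```

On the constructed sample this flags the SSH login from 203.0.113.45 and the web login from 198.51.100.9, while the two logins from the management subnets pass. The same allowlist check is the one to apply when auditing the device itself: if the management interface has to be reachable at all, it should only accept connections from the networks listed here.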
Chinese cyber spies launch a series of attacks
Attacks by Chinese cyberespionage groups are nothing new to Check Point Research experts. Chinese APT groups (an APT is “a group with high skills and access to various resources, e.g. financial or hardware, whose main goal is to get into a computer network in order to steal or sabotage data”) such as Volt Typhoon have a history of sophisticated cyberespionage campaigns. Their primary motivation is often strategic intelligence gathering, targeted disruption, or simply gaining a foothold in networks for future operations.
Check Point Research (CPR) reports that it has closely monitored a series of targeted attacks against European foreign affairs actors over the past months. These campaigns were linked to a state-sponsored Chinese APT group dubbed Camaro Dragon. The group shows similarities to previously reported activity by Chinese cybercriminals, namely Mustang Panda.
“Comprehensive analysis of these attacks revealed a malicious firmware implant tailored to TP-Link routers. The implant contains several malicious components, including a custom backdoor called “Horse Shell” that allows attackers to maintain permanent access, build an anonymous infrastructure and allow lateral movement to attacked networks,” reports Check Point Research.
Source: Gazeta

Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.