A state-linked actor, Volt Typhoon, is attempting to gain a foothold across U.S. networks amid rising tensions in the Pacific, Microsoft and the Five Eyes authorities said.
What is the Volt Typhoon campaign?
The Volt Typhoon campaign is a malicious cyber initiative linked to a state-sponsored actor and aimed at accessing U.S. critical infrastructure. The campaign uses small office and home office (SOHO) devices to blend in with normal activity, and it could potentially disrupt communications with Asia amid rising tensions.
What devices are being targeted?
The campaign primarily targets internet-facing devices such as routers, firewalls, and VPNs from various manufacturers, including Fortinet, ASUS, Cisco, D-Link, Netgear, and Zyxel. These devices are exploited to gain initial access to critical infrastructure providers.
How can organizations protect themselves?
Organizations can strengthen their defenses by implementing detection and mitigation strategies against living-off-the-land techniques, as recommended by the NSA. Regularly updating and securing network devices, along with monitoring for unusual activity, can also help reduce vulnerability to such threats.