PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure [Wednesday, February 07, 2024]

Description :
This report provides analysis of three files obtained from critical infrastructure compromised by Chinese state-sponsored threat actor Volt Typhoon. The files enable command-and-control and discovery capabilities. Volt Typhoon is known to target US critical infrastructure. The report provides technical analysis of the files, including tags, relationships between files and command-and-control infrastructure, and recommendations for defense.

Published : 2024-02-07 20:46:17
Created : 2024-02-07 20:46:17
Modified : 2024-02-07 21:25:03

Tags

Indicators

IPv4s :
Domains :
Hashes :
  • 99b80c5ac352081a64129772ed5e1543d94cad708ba2adc46dc4ab7a0bd563f1
  • eaef901b31b5835035b75302f94fee27288ce46971c6db6221ecbea9ba7ff9d0
  • edc0c63065e88ec96197c8d7a40662a15a812a9583dc6c82b18ecd7e43b13b70
Intrusion set :
  • Volt Typhoon
Location :
  • United States of America
MITRE ATT&CK Techniques :
Other observables :
  • Technology

About the author
Julien B.

Securitricks