Chinese state-backed cyberespionage operation Storm-0227 has been conducting intrusions against U.S. critical infrastructure and government agencies since Wednesday, reports The Register.
Storm-0227, which, like the Salt Typhoon, Volt Typhoon, and TAG-100 operations, has launched attacks against U.S. defense industrial base, telecommunications, aviation, financial, government, and non-government organizations, first leveraged application vulnerabilities and spear-phishing emails to deploy the SparkRAT remote administration tool for initial network access and persistence. It then exfiltrated credentials from Microsoft 365 and other applications, which were later used to compromise sensitive data, according to the Microsoft Threat Intelligence team. "China continues to focus on these kinds of targets. They're pulling out files that are of espionage value, communications that are contextual espionage value to those files, and looking at U.S. interests," said Microsoft Director of Threat Intelligence Strategy Sherrod DeGrippo, who emphasized the persistent threat posed by Chinese threat actors to U.S. infrastructure.