Several U.S. defense and government organizations have been targeted by state-backed Chinese hacking group Bronze Silhouette, also known as Volt Typhoon, for military intelligence over a period of at least two years, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks launched by Bronze Silhouette involved the use of living-off-the-land tools to further conceal malicious activity, a report from Secureworks found. Vulnerable internet-exposed servers have also been used by Bronze Silhouette to facilitate Active Directory credential collection within nearly 19 minutes, said Secureworks researcher Marc Burnard.
Meanwhile, Secureworks Counter Threat Unit Head Don Smith noted that compromised machines in the same country as their victims have been leveraged by the operation for their command-and-control infrastructure.
"What they're trying to avoid is ultimately the activity being attributed back to China. They're after that strategic long term access to organizations that are working very closely with the military and have extremely valuable data that they may potentially be able to mine for military intelligence value," said Burnard. Such findings come after the operation was reported by Microsoft to have impacted critical infrastructure organizations across the U.S., including Guam.
Threat Management, Critical Infrastructure Security
US military intelligence also targeted by Chinese hackers behind critical infrastructure compromise
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds