Microsoft: Chinese hackers targeting organizations with critical infrastructure, warns Microsoft – Times of India

State-sponsored cyber attacks have become common in the last few years. Microsoft has issued a warning about Chinese hackers targeting critical infrastructure organizations in the US. In a blog post, the company said the attacks were carried out by Volt Typhoon, a state-sponsored actor based in China that typically “focuses on espionage and information gathering.”


Volt Typhoon ‘Hit’ America

According to Microsoft, Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States. “In this campaign, affected organizations span the communications, manufacturing, utility, transportation, manufacturing, maritime, government, information technology and education sectors,” Microsoft said in the blog. Worryingly, Microsoft says the actor's observed behaviour suggests it intends to conduct espionage and maintain access to victim networks without being detected for as long as possible.

One of the ways Volt Typhoon gains initial access is through Internet-facing Fortinet FortiGuard devices. “The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials,” Microsoft explained in the blog. In other words, a compromised edge device becomes the stepping stone into the domain: whatever service account the appliance uses for directory lookups is harvested and reused for lateral movement.

The company said it is still investigating how the hackers gain access to the Fortinet devices. Microsoft has also confirmed that Volt Typhoon routes its traffic through compromised small-office and home-office network equipment, including devices manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, many of which allow the owner to expose an HTTP or SSH management interface to the Internet. “By proxying through these devices, Volt Typhoon increases the stealth of its operations and lowers overhead costs for accessing infrastructure,” Microsoft said. The practical takeaway for owners of such devices is that the management interface should never be reachable from the WAN side.

Microsoft has also shared guidance for organizations that find a device has been compromised. Affected organizations should close or change the credentials of all compromised accounts; depending on the level of the actor's collection activity, many accounts may be affected. Organizations should also look for LSASS memory dumping and for the creation of domain controller installation media in order to identify which accounts have been affected. Both techniques are credential harvesting: a dump of the LSASS process exposes the credentials of every account currently logged on to that host, and an ntdsutil “install from media” export of a domain controller yields a copy of the NTDS.dit database, which holds the password hashes of every account in the domain.