The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in the United States and remained undetected for at least five years before being discovered.

Volt Typhoon hackers are known for extensively using living off the land (LOTL) techniques as part of their attacks on critical infrastructure organizations.

They also use stolen accounts and practice strong operational security, which enables them to avoid detection and maintain long-term persistence on compromised systems.

“In fact, the U.S. authoring agencies have recently observed indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years,” the agencies said.


“Volt Typhoon actors conduct extensive pre-exploitation reconnaissance to learn about the target organization and its environment; tailor their tactics, techniques, and procedures (TTPs) to the victim’s environment; and dedicate ongoing resources to maintaining persistence and understanding the target environment over time, even after initial compromise.”

Volt Typhoon’s activities have been detected across various sectors, including Communications, Energy, Transportation Systems, and Water and Wastewater Systems, both within the continental United States and its territories. Notably, their tactics deviate from conventional cyber espionage, indicating a focus on preparing for potential disruptions rather than intelligence gathering.
