Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified VOLTZITE, a recognized threat group that overlaps with the Volt Typhoon threat group.
According to reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP for command-and-control communications.
The threat actor utilizes stolen credentials and compromises SOHO (Small Office and Home Office) networking equipment to facilitate lateral movement.
Their activity has been observed since early 2023, but there is speculation that the threat group has existed since 2021. As of early 2023, the threat group was found to be related to an incident involving the compromise of the US territory of Guam.
Other notable activity occurred in June 2023 (a United States emergency management organization) and January 2024 (a US telecommunication provider’s external network gateways and a large US city’s emergency services GIS network).