Chinese Hackers Attacking U.S. Critical Infrastructure Since 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified VOLTZITE, a recognized threat group, which intersects with the Volt Typhoon threat group.

According to reports shared with Cyber Security News, VOLTZITE deploys various web shells and FRP for command-and-control communications.

The threat actor utilizes stolen credentials and compromises SOHO (Small Office and Home Office) networking equipment to facilitate lateral movement.

The group's activity has been observed since early 2023, though there is speculation that it has existed since 2021. As of early 2023, the threat group was discovered to be related to an incident involving the compromise of the US Territory of Guam.

Other notable activity occurred in June 2023 (a United States emergency management organization) and January 2024 (a US telecommunication provider’s external network gateways and a large US city’s emergency services GIS network).
