Insidious Taurus

Actor Type: Nation State
Attributed to Nation: China
Directly Linked Intrusion Sets: VOLTZITE, Volt Typhoon, KOSTOVITE, UNC2630

Insidious Taurus is an intrusion set identified by researchers from Palo Alto, which is also known as Volt Typhoon. The group has been called out by US government agencies as state-sponsored actors from the People's Republic of China, known for targeting U.S. critical infrastructure.

The group is adept at pre-positioning within IT networks, likely for potential disruptive or destructive cyberattacks during crises or conflicts with the U.S. The FBI has labeled them as a significant threat, and multiple Joint Cybersecurity Advisories (CSAs) have been issued detailing their tactics, which include exploiting vulnerabilities in small office/home office (SOHO) network devices and using living-off-the-land techniques.

Organizations are advised to follow CISA's guidance, which includes hardening attack surfaces, securing credentials, and implementing network segmentation among other recommendations.
