Volt Typhoon
Actor Type | Nation State |
---|---|
Attributed to Nation | China |
Directly Linked Intrusion Sets | Insidious Taurus, VOLTZITE, KOSTOVITE, UNC2630 |
Volt Typhoon is a cyber intrusion set first identified by Microsoft. Threat researchers at Microsoft state that the group has been active since 2021, targeting critical infrastructure and employing living-off-the-land techniques to achieve their objectives.
Volt Typhoon Threat Reports
Report
PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
Following an initial advisory issued in May 2023, this advisory from CISA, NSA and partners outlines information on the broader campaign of cyber ...
Report
People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection
This advisory from the US National Security Agency, CISA and various other agencies outlines tactics, techniques and procedures used by Volt ...
References
https://hub.dragos.com/hubfs/116-Datasheets/Dragos_IntelBrief_VOLTZITE_FINAL.pdf
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.