Volt Typhoon Explained: Living Off the Land Tactics for Cyber Espionage
Tags
cmtmf-attack-pattern: Application Layer Protocol; Command And Scripting Interpreter; Obfuscated Files Or Information; Scheduled Task/Job
country: China; United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Direct Application Layer Protocol - T1437
  Botnet - T1583.005
  Botnet - T1584.005
  Cloud Services - T1021.007
  Command And Scripting Interpreter - T1623
  Credentials - T1589.001
  Cron - T1053.003
  Data Destruction - T1662
  Data Destruction - T1485
  Data From Local System - T1533
  Dns - T1071.004
  Dns - T1590.002
  Domain Fronting - T1090.004
  Exfiltration Over C2 Channel - T1646
  Exploitation For Privilege Escalation - T1404
  Exploits - T1587.004
  Exploits - T1588.005
  Malware - T1587.001
  Malware - T1588.001
  Obfuscated Files Or Information - T1406
  Network Service Scanning - T1423
  Multi-Factor Authentication - T1556.006
  Ntds - T1003.003
  Password Managers - T1555.005
  Phishing - T1660
  Phishing - T1566
  Powershell - T1059.001
  Remote Desktop Protocol - T1021.001
  Scheduled Task/Job - T1603
  Security Account Manager - T1003.002
  Software - T1592.002
  Ssh - T1021.004
  Tool - T1588.002
  Vulnerabilities - T1588.006
  Standard Application Layer Protocol - T1071
  Command-Line Interface - T1059
  Credential Dumping - T1003
  Data From Local System - T1005
  Domain Fronting - T1172
  Exfiltration Over Command And Control Channel - T1041
  Exploitation For Privilege Escalation - T1068
  Network Service Scanning - T1046
  Obfuscated Files Or Information - T1027
  Powershell - T1086
  Remote Desktop Protocol - T1076
  Remote Services - T1021
  Scheduled Task - T1053
  Valid Accounts - T1078
  Data Destruction
  Network Service Scanning
  Valid Accounts
Common Information
Type Value
UUID 33c6cde5-0074-45e8-9a23-42e8a8f24db7
Fingerprint a55089110990f541
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 23, 2024, 12:13 p.m.
Added to db Dec. 23, 2024, 2:07 p.m.
Last updated Dec. 23, 2024, 2:09 p.m.
Headline Volt Typhoon Explained: Living Off the Land Tactics for Cyber Espionage
Title Volt Typhoon Explained: Living Off the Land Tactics for Cyber Espionage
Detected Hints/Tags/Attributes 152/4/19
RSS Feed
Attributes
Type | #Events | Value
Domain | 11 | www.cyber.nj.gov
File | 82 | mstsc.exe
MITRE ATT&CK Techniques | 343 | T1078
MITRE ATT&CK Techniques | 743 | T1059
MITRE ATT&CK Techniques | 502 | T1053
MITRE ATT&CK Techniques | 221 | T1068
MITRE ATT&CK Techniques | 680 | T1027
MITRE ATT&CK Techniques | 323 | T1003
MITRE ATT&CK Techniques | 178 | T1046
MITRE ATT&CK Techniques | 179 | T1021
MITRE ATT&CK Techniques | 561 | T1005
MITRE ATT&CK Techniques | 458 | T1041
MITRE ATT&CK Techniques | 480 | T1071
MITRE ATT&CK Techniques | 102 | T1485
Url | 1 | https://www.picussecurity.com/resource/blog/volt-typhoon-the-chinese-apt-group-abuse-lolbins-for-cyber-espionage
Url | 1 | https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption
Url | 4 | https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques
Url | 1 | https://www.cyber.nj.gov/home/components/news/news/1510/214
Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\Credential