In February, the FBI issued an advisory on the activities of the threat group Volt Typhoon, listing the tactics, techniques, and procedures (TTPs) used by the group. “US regulatory agencies have confirmed that Volt Typhoon has compromised the IT environment of many critical infrastructure organizations – particularly in the Telecommunications, Energy, Transportation, and Water and Wastewater Systems Sectors – in the continental and non-continental United States and its territories, including Guam,” said the report.
In a December 2023 operation, the FBI disrupted part of Volt Typhoon’s operations by taking down a botnet of hundreds of US small office or home office (SOHO) routers.
To gain initial access, Volt Typhoon actors often exploit vulnerabilities in network devices such as those from Fortinet, Ivanti Connect Secure (formerly Pulse Secure), NETGEAR, Citrix, and Cisco. Salt Typhoon, and another China-linked APT, Flax Typhoon, likely used similar initial access strategies.