PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
released on 2024-02-07 @ 08:46:17 PM
This report provides analysis of three files obtained from critical infrastructure compromised by the Chinese state-sponsored threat actor Volt Typhoon. The files enable command-and-control and discovery capabilities. Volt Typhoon is known to target U.S. critical infrastructure. The report provides technical analysis of the files, including tags, relationships between files and command-and-control infrastructure, and recommendations for defense.