Volt Typhoon targets network devices from Fortinet, Ivanti, Cisco, NetGear, and Citrix

On Wednesday, U.S. authorities warned that the China-linked cyber group known as Volt Typhoon has been gaining initial access to IT networks by exploiting vulnerabilities in network devices from several vendors, including Fortinet, Ivanti, Cisco, NetGear, and Citrix.

The warning follows the FBI's announcement the previous week of a successful operation to disrupt Volt Typhoon's attempts to breach U.S. critical infrastructure. The FBI asserts that Volt Typhoon operates with backing from the Chinese government.

An advisory issued by the FBI, together with the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA), sheds light on new details of Volt Typhoon's tactics. A striking finding is that Volt Typhoon has been able to maintain access to some IT networks for periods of up to five years.

The advisory names several network device manufacturers whose products Volt Typhoon has repeatedly exploited to gain entry into targeted systems. The group is reported to rely heavily on publicly known vulnerabilities, using publicly available exploit code, but it has also shown the ability to identify and exploit previously undisclosed (zero-day) vulnerabilities.

One instance of Volt Typhoon's intrusion tactics highlighted by the U.S. agencies involved exploiting a vulnerability (CVE-2022-42475) in an unpatched FortiGate 300D firewall, which gave the group its initial foothold on the network perimeter of a targeted organization.
