Microsoft and global intelligence agencies warn of Chinese state hackers infecting US critical infrastructure

May 25, 2023

Via: TechSpot

Microsoft said that the hackers, codenamed Volt Typhoon, have been in operation since mid-2021. By exploiting vulnerabilities in internet-facing Fortinet FortiGuard devices that admins never patched, the attackers are able to extract credentials to a network’s Active Directory and use the data to infect other devices on the network.

“Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers),” Microsoft wrote. “Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the Internet.”