echo: politics
to: All
from: Mike Powell
date: 2024-12-07 10:53:00
subject: US critical infrastructur

US critical infrastructure hit once again by a new group on the scene

Date:
Fri, 06 Dec 2024 16:00:00 +0000

Description:
The group seems to be part of a wider cyber-espionage campaign.

FULL STORY

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor,
has started targeting critical infrastructure organizations, as well as
government entities, in the United States.

This is according to Sherrod DeGrippo, director of threat intelligence
strategy at Microsoft. 

Speaking to The Register recently, DeGrippo said that the group abuses
software vulnerabilities and engages in spear phishing attacks to gain access
to people's devices.

Commodity malware 

Once they get the access, they deploy different Remote Access Trojans (RATs)
and other malware to obtain login credentials for services such as Microsoft
365. They also steal sensitive documents and whatever else they can get
their hands on. The goal of the campaign is cyber-espionage.

An interesting thing about Storm-0227 is that it uses off-the-shelf malware
which, a few years ago, would have come as quite the shock. "Even national-aligned
threat actors are pulling commodity malware out of that trading ecosystem
and using it for remote access," she told the publication. Half a decade ago
"that was sort of a shocking thing to see a nation-sponsored,
espionage-focused threat actor group really leveraging off the shelf
malware," she added. "Today we see it very frequently."

There was no word on the number of victims, but DeGrippo described the group
as an embodiment of persistence. 

"China continues to focus on these kinds of targets," she said. "They're
pulling out files that are of espionage value, communications that are
contextual espionage value to those files, and looking at US interests." 

Storm-0227 also seems to overlap, at least in part, with Silk Typhoon,
DeGrippo said. There is a whole list of Typhoon threat actors, all on the
payroll of the Chinese government, and all apparently tasked with spying on
western governments, critical infrastructure firms, and other areas of
interest (military, aerospace, and similar).

That includes Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon.
Salt Typhoon was recently linked to a number of high-profile breaches,
including at least four major US telecom operators. 

 Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/us-critical-infrastructure-hit-once-again-by-a-new-group-on-the-scene

--- SBBSecho 3.20-Linux
                                     
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

SOURCE: echomail via QWK@pharcyde.org
