Comments by "" (@DanielSMatthews) on "US issues warning about Chinese state-sponsored actor targeting critical infrastructure" video.

  1. They are targeting weaknesses in Microsoft systems and applications. "Living off the land", means using built-in network administration tools to perform their objectives. This allows the actor to evade detection by blending in with normal Windows system and network activities, avoid endpoint detection and response (EDR) products that would alert on the introduction of third-party applications to the host, and limit the amount of activity that is captured in default logging configurations. Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials. i.e. Only very specific large organisations need to worry about it and they should have all been notified by Fortinet already.
    6
  2. Yeah he normally does bit parts in kung fu movies but had to turn to cyber crime to make ends meet during the covid lockdowns. 😏
    2