Technology

US critical infrastructure hit once again by a new group on the scene

December 6, 2024

Microsoft says a new threat actor started targeting critical infrastructure
The group is linked to Silk Typhoon
It engages in spear phishing and vulnerability exploits

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States.

This is according to Sherrod DeGrippo, director of threat intelligence strategy at Microsoft.

Speaking to The Register recently, DeGrippo said that the group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices.

Commodity malware

Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to obtain login credentials for services such as Microsoft 365. They also steal sensitive documents and whatever else they can get their hands on. The goal of the campaign is cyber-espionage.

An interesting thing about Storm-0227 is that it uses off-the-shelf malware which, a few years ago, would come as quite the shock: “Even national-aligned threat actors … are pulling commodity malware out of that trading ecosystem and using it for remote access,” she told the publication. Half a decade ago “that was sort of a shocking thing to see a nation-sponsored, espionage-focused threat actor group really leveraging off the shelf malware,” she added. “Today we see it very frequently.”

There was no word on the number of victims, but DeGrippo described the group as an “embodiment of persistence”.

“China continues to focus on these kinds of targets,” she said. “They’re pulling out files that are of espionage value, communications that are contextual espionage value to those files, and looking at US interests.”

Storm-0227 seems to overlap, at least in part, with Silk Typhoon, it was further said. There is a whole list of “typhoon” threat actors, all on the payroll of the Chinese government, and all apparently tasked with spying on western governments, critical infrastructure firms, and other areas of interest (military, aerospace, and similar).

That includes Volt Typhoon, Salt Typhoon, Flax Typhoon, and Brass Typhoon. Salt Typhoon was recently linked to a number of high-profile breaches, including at least four major US telecom operators.

Via The Register

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar