"Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering," Microsoft said in a blog post.
Microsoft added that it assesses with moderate confidence that Volt Typhoon is developing capabilities that could disrupt critical communications infrastructure between the United States and Asia during a future crisis.
In parallel with Microsoft's warning, United States agencies including the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation, together with international cybersecurity partners, issued a joint cybersecurity advisory on the activity.
The advisory notes that the actor relies on living-off-the-land tactics: it uses built-in Windows network administration tools rather than dropping its own malware, so its activity blends in with normal Windows system and network behaviour and sidesteps endpoint detection and response products that would otherwise alert on the installation of third-party applications on a host.
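Because living-off-the-land activity involves no foreign binary, detection has to come from process-creation telemetry (Windows Security event 4688 with command-line auditing enabled, or Sysmon Event ID 1) and from what legitimate built-in tools are being asked to do. The following is an added example written for this page, not code from Microsoft or from the joint advisory: it runs a small rule set over constructed process-creation records and flags credential-dumping, port-proxying and remote-execution command lines, plus a burst of distinct discovery commands from one host and user. The hostnames, usernames, paths, rule names and thresholds are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed process-creation records in the shape of the fields that Windows
# Security event 4688 (command-line auditing on) or Sysmon Event ID 1 provide.
# These are illustrative, not telemetry from the activity the article describes.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\jdoe", "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"host": "ws01", "user": "CORP\\svc_backup", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\netsh.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=8443"},
    {"host": "dc01", "user": "CORP\\admin2", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\ntdsutil.exe",
     "cmdline": 'ntdsutil "ac i ntds" "ifm" "create full C:\\Windows\\Temp\\pro" q q'},
    {"host": "ws02", "user": "CORP\\jdoe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic /node:10.0.0.7 process call create cmd.exe"},
    {"host": "ws02", "user": "CORP\\jdoe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\ipconfig.exe", "cmdline": "ipconfig /all"},
    {"host": "ws02", "user": "CORP\\jdoe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\netstat.exe", "cmdline": "netstat -ano"},
    {"host": "ws02", "user": "CORP\\jdoe", "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\nltest.exe", "cmdline": "nltest /dclist:corp"},
]

# Hypothetical rule set: (rule name, image basename regex, command-line regex, tactic).
# Each rule keys on how a legitimate tool is being used, not on the tool's presence.
RULES = [
    ("netsh_portproxy", r"^netsh\.exe$", r"\bportproxy\s+add\b", "proxy / pivot"),
    ("ntdsutil_ifm_dump", r"^ntdsutil\.exe$", r"\bifm\b.*\bcreate\s+full\b", "credential access"),
    ("wmic_remote_process", r"^wmic\.exe$", r"/node:\S+.*\bprocess\s+call\s+create\b", "remote execution"),
]

# Built-in tools that are individually benign but, used together in quick
# succession by one principal on one host, look like network system discovery.
DISCOVERY_BINARIES = {
    "ipconfig.exe", "netstat.exe", "nltest.exe", "net.exe", "net1.exe",
    "systeminfo.exe", "tasklist.exe", "arp.exe", "route.exe", "dnscmd.exe",
}


def _basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def match_rules(event):
    """Return one finding per rule whose image and command-line patterns both match."""
    name = _basename(event["image"])
    findings = []
    for rule, image_re, cmd_re, tactic in RULES:
        if re.search(image_re, name, re.I) and re.search(cmd_re, event["cmdline"], re.I):
            findings.append({"rule": rule, "tactic": tactic, "host": event["host"],
                             "user": event["user"], "cmdline": event["cmdline"]})
    return findings


def detect(events, burst_threshold=3):
    """Evaluate a batch of process-creation events and return findings in event order.

    Single-event rules fire immediately; a discovery burst fires once per
    (host, user) when the number of distinct discovery tools reaches the threshold.
    """
    findings = []
    discovery_seen = defaultdict(set)
    for ev in events:
        findings.extend(match_rules(ev))
        name = _basename(ev["image"])
        if name in DISCOVERY_BINARIES:
            key = (ev["host"], ev["user"])
            discovery_seen[key].add(name)
            if len(discovery_seen[key]) == burst_threshold:
                findings.append({"rule": "discovery_burst", "tactic": "network discovery",
                                 "host": ev["host"], "user": ev["user"],
                                 "cmdline": ", ".join(sorted(discovery_seen[key]))})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['rule']:22} {f['tactic']:20} {f['host']} {f['user']}: {f['cmdline']}")
```

The caveat a practitioner should keep in mind is that none of these rules works without command-line capture: a bare 4688 event shows only that `netsh.exe` or `ntdsutil.exe` started, which administrators do every day. Tuning is also local, since a backup service account legitimately running `ntdsutil` on a domain controller is exactly the kind of activity an attacker would imitate, so the baseline of who normally runs these tools matters more than the patterns themselves.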