At a glance.
- US government disrupts Volt Typhoon.
- Schneider Electric confirms ransomware attack.
- Microsoft Teams abused for phishing.
- New variant of the Zloader Trojan.
US government disrupts Volt Typhoon.
Reuters reports that the US Justice Department and FBI disabled portions of a network of compromised devices that was being used by the China-linked threat actor Volt Typhoon to target US critical infrastructure. Volt Typhoon had been forming a botnet by compromising vulnerable devices, including routers, modems, and IoT devices, in order to hide later intrusions into sensitive targets.
John Hultquist, Chief Analyst at Mandiant Intelligence, said in an emailed statement that Volt Typhoon has been conducting battlespace preparation by staging potentially disruptive attacks: "This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the US. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down."