Spot on, Mark. The 3 most common attack paths used by hackers are:
1. People
2. Software
3. Supply Chain
Your article emphasizes that Volt Typhoon uses the Software attack path to breach an organization's cyber ecosystem and implant harmful software.
Volt Typhoon is a sophisticated threat group, typically gaining initial access to targets by exploiting unpatched vulnerabilities, including zero-day flaws, as well as through phishing techniques. Once initial access is gained, Volt Typhoon stays persistent for as long as possible, blending in with normal traffic and operating systems. This is achieved through “living off the land” (LOTL) techniques, leveraging native operating system tools to evade detection and favoring manual operations over automated manual scripts, further enhancing their adaptability within the environment.
This is precisely the type of hacker attack that CISA’s Secure by Design Software Acquisition Guide practices aim to prevent, with a goal of protecting software consumers from risky software, proactively, including critical infrastructure operators.