Microsoft said that the hackers, codenamed Volt Typhoon, have been in operation since mid-2021. By exploiting vulnerabilities in internet-facing Fortinet FortiGuard devices that admins never patched, the attackers are able to extract credentials for a network’s Active Directory and use that data to infect other devices on the network.
Microsoft and global intelligence agencies warn of Chinese state hackers infecting US critical infrastructure
May 25, 2023