
Creating PANDAmonium


In a recent interview, Thomas Etheridge, a representative from the cybersecurity company CrowdStrike, shed light on their groundbreaking work in countering the threat posed by Volt Typhoon, also known as VANGUARD PANDA. This threat actor, with a clear nexus to China, has been targeting critical infrastructure entities in the United States. With the Cybersecurity and Infrastructure Security Agency (CISA) issuing an advisory on VANGUARD PANDA and highlighting its ties to Chinese adversaries, CrowdStrike’s research provides valuable insights into the risks associated with this notorious threat actor.

CrowdStrike’s Intelligence team diligently tracked the activities of VANGUARD PANDA and identified multiple incidents that necessitated their immediate attention. One incident, in particular, caught their eye and warrants a detailed examination. Falcon Complete, CrowdStrike’s managed detection and response (MDR) service, responded to a detection alert triggered by suspicious reconnaissance commands carried out under an Apache Tomcat web server running ManageEngine ADSelfService Plus.

This incident serves as a prime example of VANGUARD PANDA’s sophisticated tradecraft. The threat actor exploited vulnerabilities in the software stack to gain a foothold within the target’s infrastructure. Apache Tomcat, a widely adopted web server, presented an enticing entry point for the adversary. By exploiting weaknesses in the ManageEngine ADSelfService Plus software, VANGUARD PANDA was able to execute reconnaissance commands undetected. The purpose of such reconnaissance is to gather information about the target’s network, ultimately aiding the threat actor in planning and executing further attacks.

The detection of these suspicious activities can largely be attributed to the advanced capabilities of CrowdStrike’s Falcon Complete MDR service. Equipped with state-of-the-art monitoring and threat intelligence tools, Falcon Complete swiftly identified the abnormal behavior and flagged it for further investigation. This proactive approach to threat detection and response is crucial in mitigating the risks posed by advanced threat actors like VANGUARD PANDA.
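The detection described above hinges on a parent/child process relationship: discovery commands spawned by the Tomcat JVM that runs ADSelfService Plus. The following rule is an added illustration, not CrowdStrike's or Falcon's own logic; the process events are constructed, and the list of discovery binaries and shells it matches against is an assumption, not taken from the article.

```python
import re

# Constructed sample process-creation events (not real telemetry). Each event
# records the parent and child image paths and command lines, as an EDR would.
ADSS_JAVA = r"C:\ManageEngine\ADSelfService Plus\jre\bin\java.exe"
ADSS_CMD = (r'"java.exe" -Dcatalina.home="C:\ManageEngine\ADSelfService Plus" '
            r"org.apache.catalina.startup.Bootstrap start")
SAMPLE_EVENTS = [
    {"parent_image": ADSS_JAVA, "parent_cmdline": ADSS_CMD,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd.exe /c "whoami /all"'},
    {"parent_image": ADSS_JAVA, "parent_cmdline": ADSS_CMD,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd.exe /c "ipconfig /all"'},
    {"parent_image": ADSS_JAVA, "parent_cmdline": ADSS_CMD,  # shell, but no discovery binary
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": r'cmd.exe /c "echo maintenance"'},
    {"parent_image": r"C:\Windows\explorer.exe", "parent_cmdline": "explorer.exe",  # interactive user
     "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami"},
    {"parent_image": ADSS_JAVA, "parent_cmdline": ADSS_CMD,  # discovery binary spawned directly
     "image": r"C:\Windows\System32\whoami.exe", "cmdline": "whoami /groups"},
]

# Assumed lists (not from the article): common Windows discovery binaries and shells.
RECON_COMMANDS = {"whoami", "net", "ipconfig", "systeminfo", "tasklist", "netstat",
                  "nltest", "quser", "arp", "route", "hostname"}
SHELLS = {"cmd", "powershell", "pwsh"}

def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path, without any .exe suffix."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name

def is_adss_tomcat(parent_image: str, parent_cmdline: str) -> bool:
    """Parent is the Tomcat JVM bundled with ADSelfService Plus (catalina + product path)."""
    cmd = parent_cmdline.lower()
    return basename(parent_image) == "java" and "catalina" in cmd and "adselfservice" in cmd

def recon_in_cmdline(cmdline: str):
    """First discovery binary named anywhere in a shell command line, else None."""
    for token in re.findall(r"[\w.\-\\:/]+", cmdline):
        if basename(token) in RECON_COMMANDS:
            return basename(token)
    return None

def evaluate(event: dict):
    """Return the discovery command that trips the rule, or None for a benign event."""
    if not is_adss_tomcat(event["parent_image"], event["parent_cmdline"]):
        return None
    child = basename(event["image"])
    if child in RECON_COMMANDS:
        return child                                 # e.g. whoami.exe run straight from the JVM
    if child in SHELLS:
        return recon_in_cmdline(event["cmdline"])    # e.g. cmd.exe /c "whoami /all"
    return None

def detect(events):
    """(index, matched command) for every event that trips the rule."""
    return [(i, m) for i, e in enumerate(events) if (m := evaluate(e))]
```

A web server process spawning any shell at all is worth a lower-severity alert on its own; the rule above escalates only when a discovery binary is involved, which is what the Falcon Complete detection in the article keyed on.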

Etheridge emphasized the significance of having a robust MDR solution to counter emerging cyber threats. He stated, “Traditional security solutions are often ill-equipped to detect and respond to the sophisticated tactics employed by modern adversaries. Without a comprehensive MDR service like Falcon Complete, organizations may remain unaware of ongoing threats, leading to prolonged exposure and potential compromise.”

The research conducted by CrowdStrike highlights the evolving nature of cyber threats, particularly those originating from China. Chinese adversaries have increasingly targeted US businesses and critical infrastructure, posing significant risks to national security and economic stability. The connection between VANGUARD PANDA and China underscores the need for heightened vigilance and proactive cybersecurity measures.

To effectively protect against VANGUARD PANDA and similar threat actors, organizations must adopt a multi-layered security approach. This involves implementing robust endpoint security solutions, continuous monitoring and threat hunting capabilities, and strong incident response protocols. Furthermore, organizations are encouraged to stay abreast of the latest threat intelligence and advisories issued by reputable cybersecurity agencies like CISA.

CrowdStrike’s ongoing research and development efforts serve as a beacon of hope in the ever-evolving landscape of cybersecurity. By consistently unveiling the tactics and techniques employed by threat actors like VANGUARD PANDA, CrowdStrike equips organizations with the knowledge needed to bolster their defenses and effectively mitigate risks.

In conclusion, CrowdStrike’s work on countering VANGUARD PANDA, also known as Volt Typhoon, sheds light on the evolving threat landscape. With cyber adversaries increasingly targeting critical infrastructure entities in the United States, it is essential for organizations to leverage robust MDR solutions such as Falcon Complete. By investing in advanced threat detection and response capabilities, organizations can minimize the impact of cyber threats and protect their most valuable assets.
