In February, the FBI issued an advisory on Volt Typhoon's threat activity, listing the tactics, techniques, and procedures (TTPs) used by the group. “The US authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations — primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors — in the continental and non-continental United States and its territories, including Guam,” the advisory stated.
In a December 2023 operation, the FBI disrupted part of Volt Typhoon's operations by taking down a botnet of hundreds of US-based small-office/home-office (SOHO) routers.
To gain initial access, Volt Typhoon actors commonly exploit vulnerabilities in networking appliances such as those from Fortinet, Ivanti Connect Secure (formerly Pulse Secure), NETGEAR, Citrix, and Cisco. Salt Typhoon, along with another China-linked APT, Flax Typhoon, likely employs similar methods for initial infection.