Typhoon-like gang slinging TLS certificate 'signed' by LAPD
Briefly

A covert and sustained cyber intrusion campaign, likely linked to China's 'Typhoon' groups, has infected at least 1,000 devices, mainly across the US and Southeast. Using a fraudulent certificate attributed to the Los Angeles police, the attackers target vulnerable routers, IoT devices, and small office networks to build Operational Relay Boxes (ORBs). These ORBs route the attackers' traffic and launch their attacks, making the activity harder to trace because it appears to originate from local IP addresses, mirroring the stealthy traffic-relaying techniques used by state actors.
"It's a technique that nation-state adversaries, particularly Volt Typhoon, use as a way of transferring their traffic and obfuscating their activity," Security Scorecard field chief threat intelligence officer Ryan Sherstobitoff explained.
"They'll use ORB boxes, usually in the last mile of or close proximity to their targets, and be able to then launch attacks coming from those ORB boxes to the targets so it looks like it's within the same geographical area."
The ongoing cyber intrusion campaign has infected at least 1,000 devices, primarily in the US and Southeast, displaying characteristics of China's 'Typhoon' groups.
The attackers are using a phony certificate purportedly signed by the Los Angeles police department to gain access to critical infrastructure.
Read at Theregister