EXPLORE
← Back to Actors

Volt Typhoon

Volt TyphoonBRONZE SILHOUETTEVanguard PandaDEV-0391UNC3236VoltziteInsidious TaurusDazedToad

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021, primarily targeting critical infrastructure organizations in the US and its territories including Guam. [Volt Typhoon](https://attack.mitre.org/groups/G1017)'s targeting and pattern of behavior have been assessed as pre-positioning to enable lateral movement to operational technology (OT) assets for potential destructive or disruptive attacks. [Volt Typhoon](https://attack.mitre.org/groups/G1017) has emphasized stealth in operations using w...

82
Techniques
66
Covered
16
Gaps
80%
Coverage
Coverage66/82

COVERED (66)

T1003.001LSASS Memory111 det.T1003.003NTDS36 det.T1005Data from Local System47 det.T1006Direct Volume Access8 det.T1007System Service Discovery15 det.T1010Application Window Discovery1 det.T1012Query Registry25 det.T1016System Network Configuration Discovery40 det.T1016.001Internet Connection Discovery6 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1027.002Software Packing2 det.T1033System Owner/User Discovery61 det.T1036.005Match Legitimate Resource Name or Location45 det.T1036.008Masquerade File Type5 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1056.001Keylogging4 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.004Unix Shell165 det.T1068Exploitation for Privilege Escalation99 det.T1069Permission Groups Discovery35 det.T1069.001Local Groups37 det.T1069.002Domain Groups44 det.T1070.001Clear Windows Event Logs16 det.T1070.004File Deletion43 det.T1074Data Staged12 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1083File and Directory Discovery48 det.T1087.001Local Account33 det.T1087.002Domain Account57 det.T1090Proxy48 det.T1090.001Internal Proxy10 det.T1090.003Multi-hop Proxy9 det.T1105Ingress Tool Transfer184 det.T1112Modify Registry203 det.T1113Screen Capture18 det.T1120Peripheral Device Discovery4 det.T1124System Time Discovery4 det.T1133External Remote Services74 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1217Browser Information Discovery4 det.T1218System Binary Proxy Execution260 det.T1497.001System Checks6 det.T1505.003Web Shell65 det.T1518Software Discovery17 det.T1552Unsecured Credentials104 det.T1552.004Private Keys23 det.T1555Credentials from Password Stores41 det.T1555.003Credentials from Web Browsers16 det.T1560.001Archive via Utility26 det.T1570Lateral Tool Transfer23 det.T1588.002Tool13 det.T1589Gather Victim Identity Information1 det.T1589.002Email Addresses2 det.T1590Gather Victim Network Information5 det.T1591.004Identify Roles2 det.T1592Gather Victim Host Information4 det.T1654Log Enumeration1 det.T1685.005Clear Windows Event Logs12 det.