Critical Infrastructure Security, Threat Intelligence

FBI evolves advanced threat hunting after Chinese Typhoon attacks

The FBI seal is seen on its headquarters at the J. Edgar Hoover FBI building in Washington.

The FBI has transformed its advanced threat hunting tactics following significant attacks by Chinese state-backed threat operations Salt Typhoon and Volt Typhoon against critical infrastructure, according to FBI Cyber Division Deputy Assistant Director Jason Bilnoski, reports CyberScoop.

Both Typhoon hacking groups' use of living-off-the-land techniques and legitimate tools to facilitate increasingly clandestine and persistent network breaches has hindered the agency's efforts to share indicators of compromise, Bilnoski noted at the Billington Cybersecurity Summit.

"We're having to now hunt as if they're already on the network, and we're hunting in ways we hadn't before. They're not dropping tools and malware that we used to see, and perhaps there's not a lot of IOCs that we'd be able to share in certain situations," said Bilnoski.

Similar observations regarding Chinese hackers' evolving cyberespionage capabilities have also been made by Cybersecurity and Infrastructure Security Agency Associate Director for Threat Hunting Jermaine Roebuck, who noted attackers' shift to cloud and managed service provider services.
