PRC State-Sponsored Actors Compromise and Gain Access to US Critical Infrastructure

This report provides analysis of three files obtained from critical infrastructure compromised by the Chinese state-sponsored threat actor Volt Typhoon. The files enable command-and-control and discovery capabilities. Volt Typhoon is known to target US critical infrastructure. The report provides technical analysis of the files, including tags, relationships between files and command-and-control infrastructure, and recommendations for defense.