Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China

September 20, 2024 at 08:51AM

Threat intelligence company GreyNoise has highlighted a worrying trend involving mass spoofed traffic potentially linked to China. Named Noise Storms, these controlled traffic bursts exhibit diverse characteristics, including their focus on specific internet segments and a connection to major Chinese platforms. GreyNoise speculates about potential motives for this mysterious activity and emphasizes the need for robust security measures.

From the meeting notes, it is clear that GreyNoise has identified a concerning phenomenon it refers to as “Noise Storms.” These involve massive amounts of spoofed traffic, potentially linked to China, and present several worrying characteristics.

The spoofed traffic mimics realistic network hops, emulates traffic from different operating systems, and targets specific segments of the internet. It is also associated with a Content Delivery Network servicing major Chinese platforms, suggesting sophisticated threat actors are involved.

The purpose of the Noise Storms remains unclear, with possible explanations including covert communication, router misconfigurations, elaborate command-and-control mechanisms, sophisticated DDoS attacks, and traffic manipulation due to congestion.

GreyNoise also noted patterns in the spoofed traffic, including the ASCII string ‘LOVE’ in the ICMP packets, reinforcing the hypothesis of covert communications.
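As an added example (not from GreyNoise or the original article), the following sketch shows how a defender could flag ICMP packets carrying the reported ‘LOVE’ marker in captured traffic. The function names, the sample packets and the documentation-range addresses are constructed for illustration; a real deployment would feed it raw IPv4 packets from a capture.

```python
import struct

MARKER = b"LOVE"  # ASCII string reported in the ICMP packets


def build_packet(src, dst, ttl, proto, l4):
    """Build a constructed IPv4 packet (checksums left at zero) for the demo."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, ttl, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    ) + l4


def inspect_packet(pkt):
    """Return details for an ICMP packet whose payload holds MARKER, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4            # header length; IP options may be present
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 1:
        return None                      # malformed, or protocol is not ICMP (1)
    end = min(struct.unpack("!H", pkt[2:4])[0], len(pkt))
    payload = pkt[ihl + 8:end]           # skip the 8-byte ICMP header
    offset = payload.find(MARKER)
    if offset < 0:
        return None
    return {"src": ".".join(map(str, pkt[12:16])), "ttl": pkt[8],
            "icmp_type": pkt[ihl], "offset": offset}


def scan(packets):
    """Return the hits for every packet that matches."""
    return [hit for hit in map(inspect_packet, packets) if hit]


ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)   # type 8, code 0, id 1, seq 1
SAMPLES = [  # constructed packets, not captured traffic
    build_packet("192.0.2.10", "198.51.100.5", 52, 1, ICMP_ECHO + b"abcdLOVEefgh"),
    build_packet("192.0.2.11", "198.51.100.5", 64, 1, ICMP_ECHO + b"abcdefghijkl"),
    build_packet("203.0.113.7", "198.51.100.5", 57, 6, bytes(20) + b"LOVE"),  # TCP
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print(hit)
```

Because the source addresses in this traffic are spoofed, a match is useful for labelling and filtering sensor data, not for attributing the packets to the address shown.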

Furthermore, the connections between the Noise Storms and news reports describing military actions add complexity to the cybersecurity landscape, prompting the need for security leaders to reassess their defenses.

To highlight the potential involvement of China in similar activities, references were made to previous reports detailing China-linked threat actors probing the internet using manipulated DNS mail server records.

The meeting notes provide valuable insights into the emerging cybersecurity threat posed by these Noise Storms and the potential connections to sophisticated threat actors and state-sponsored activities.
