The Chinese state-sponsored APT group 'Volt Typhoon', also known as 'Vanguard Panda', has been found exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus, using previously undisclosed stealth techniques in the process.

The group was first identified last month through joint reports from Microsoft and various government agencies, which highlighted its targeting of critical infrastructure in the Pacific region. That access could potentially serve as a future beachhead in the event of a conflict with Taiwan. The group's tactics, techniques, and procedures (TTPs) include initial intrusion via internet-exposed Fortinet FortiGuard devices and hiding its network activity by routing traffic through compromised routers, firewalls, and VPN hardware.

A recent campaign by the group showed its flexibility and adaptability: it exploited CVE-2021-40539 in ManageEngine ADSelfService Plus for initial access, then masked its Web shell as a legitimate process and erased logs to cover its tracks. Tom Etheridge, chief global professional services officer for CrowdStrike, stated that these previously unknown tactics allowed the group 'pervasive access to the victim's environment for an extended period.'

The group has been observed targeting organizations in various sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. However, its most notable targets have been critical infrastructure in the United States and Guam. Etheridge has emphasized the importance of identity management, threat hunting, and incident response in dealing with threats from groups like Volt Typhoon.