Living Off the Land Attacks
When Attackers Removed Legitimate Software to Hide
In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about threat actors linked to Volt Typhoon — a Chinese state-sponsored group that had been living inside U.S. critical infrastructure networks for years. One of their signature moves? They removed legitimate security tools and logging mechanisms from