Volt Typhoon (also known as Bronze Silhouette or Vanguard Panda).
Security professionals monitor for the execution of commands like 7z.exe a -p {REDACTED} c:\windows\temp\SS-Bet-001_s.7z. Because the file name often follows specific patterns or remains consistent across different victims, its presence is a high-confidence indicator of a compromise.

Mitigations

To protect against activity involving this artifact, organizations are encouraged to:

Audit 7z.exe executions, especially those involving temporary or public directories.
Restrict the use of administrator accounts and audit any use of built-in Windows tools for non-administrative tasks.
Forward Windows Event Logs to a hardened, segmented server to prevent actors from clearing their tracks.
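
The 7z.exe command-line audit recommended above, as an added example (not code from the original page): it scores process-creation command lines of the kind recorded in Event ID 4688 or Sysmon Event ID 1. The function names, the staging-directory watch list, and every sample event except the page's own command are constructed assumptions.

```python
import ntpath
import shlex

# Assumed watch list; the page says only "temporary or public directories".
STAGING_DIRS = ("\\windows\\temp\\", "\\users\\public\\", "\\appdata\\local\\temp\\")

def tokenize(cmdline):
    """Split a Windows command line: quotes group words, backslashes stay literal."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote, e.g. a truncated log field
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def assess_7z(cmdline):
    """Return review reasons for one command line; [] means nothing notable."""
    tokens = tokenize(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() not in ("7z.exe", "7z"):
        return []
    args = [a.lower() for a in tokens[1:]]
    reasons = []
    if args and args[0] == "a":                      # 7-Zip "add to archive"
        reasons.append("archive-create")
    if any(a.startswith("-p") for a in args):        # password switch
        reasons.append("password-protected")
    if any(d in a for a in args for d in STAGING_DIRS):
        reasons.append("staging-directory")
    return reasons

def triage(events):
    """Return (host, reasons) for each (host, cmdline) event with at least one reason."""
    hits = []
    for host, cmdline in events:
        reasons = assess_7z(cmdline)
        if reasons:
            hits.append((host, reasons))
    return hits

# Constructed sample events; only the first command line is taken from the page.
SAMPLE_EVENTS = [
    ("HOST-A", r"7z.exe a -p {REDACTED} c:\windows\temp\SS-Bet-001_s.7z"),
    ("HOST-B", r'"C:\Program Files\7-Zip\7z.exe" x C:\Users\bob\Downloads\report.7z'),
    ("HOST-C", r'"C:\Program Files\7-Zip\7z.exe" a C:\Users\Public\backup.7z D:\share'),
    ("HOST-D", r"cmd.exe /c dir c:\windows\temp"),
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS):
        print(host, ", ".join(reasons))
```

The match is on the image name only, so it should be paired with the original-file-name field of the process event where that is logged.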