Volt Typhoon: T1070.003 Indicator Removal Emulation

Explore how and why Volt Typhoon removed or modified files left behind by their intrusion activity in critical infrastructure networks.

Matthew Lloyd Davies
What you'll learn

Non-native files such as tools and malware used during an attack may leave traces to indicate what was done by an adversary and how they did it. A common technique used by adversaries to hide their tracks is to remove these files either during an intrusion, or as part of post-intrusion activities. In this course, Volt Typhoon: T1070.003 Indicator Removal Emulation, explore how the Volt Typhoon threat group used this technique to minimize their footprint on systems and remain undetected in critical infrastructure for over 5 years.

About the author
Matthew Lloyd Davies

Matt has a degree in chemical engineering and a PhD in mathematical chemistry. He is also a GIAC-certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.
