CyberSecurityBoard
Sponsor Register Login

China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments

Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports.
As part of the observed attacks, the adversaries exploited CVE-2019-1653 and CVE-2019-1652, two critical-severity bugs in discontinued Cisco small business RV320/325 VPN routers, which have been targeted by Chinese hackers before and are also featured in CISA's KEV catalog.
According to SecurityScorecard, the China-linked advanced persistent threat actor Volt Typhoon likely compromised one-third of the vulnerable devices observed by the company.
Specifically, over a 37-day period, 325 out of 1,116 devices were seen connecting to two IP addresses used as proxy routers for command-and-control communication, suggesting that they might be part of the same Volt Typhoon-linked botnet of compromised devices.
Volt Typhoon is known to target small office and home office routers from Cisco and DrayTek and other edge devices, including Netgear firewalls and Axis IP cameras, and use them to covertly transfer data.
Using the indicators of compromise provided in a recent Black Lotus Labs report on Volt Typhoon, SecurityScorecard was able to track a shift in infrastructure usage between late-November 2023 and early January 2024, and to discover a new shell file that infected devices would fetch and execute.
In an extensive technical writeup, the cybersecurity firm says it was able to identify two other IP addresses associated with previously detailed Volt Typhoon-linked C&C infrastructure, by monitoring the traffic from the IP where an APT-compromised Cisco RV325 router is known to be located.
Given that this compromised device is in New Caledonia, the cybersecurity firm believes that it serves as a transit point for Volt Typhoon-related traffic.
SecurityScorecard also speculates that the compromise might position the APT in a suitable position to target global communications.
Further analysis of the traffic between known Volt Typhoon infrastructure and likely compromised devices led SecurityScorecard to the conclusion that the APT may operate a much more extensive botnet than previously believed.
Further inspection of the traffic showed connections to the group's infrastructure from 27 IP addresses hosting 69 US, UK, Australian, and Indian government sites, suggesting expanded targeting from Volt Typhoon.


This Cyber News was published on www.securityweek.com. Publication date: Thu, 11 Jan 2024 16:13:03 +0000


Cyber News related to China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments

Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
9 months ago Darkreading.com
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
8 months ago Techtarget.com
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
9 months ago Securityweek.com
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
8 months ago Securityboulevard.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
10 months ago Bleepingcomputer.com
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity - The portion of China's Volt Typhoon advanced persistent threat that focuses on infiltrating operational technology networks in critical infrastructure has already performed reconnaissance and enumeration of multiple US-based electric companies, while ...
8 months ago Darkreading.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
9 months ago Bleepingcomputer.com
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet - US law enforcement has disrupted the infrastructure of the notorious China-sponsored cyberattack group known as Volt Typhoon. The state-backed group uses it as a launchpad for other attacks, particularly on US critical infrastructure, because the ...
9 months ago Darkreading.com
China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure - The US Cybersecurity and Infrastructure Security Agency has issued a report detailing how the China-backed Volt Typhoon advanced persistent threat is consistently targeting highly sensitive critical infrastructure, with new information on the ...
9 months ago Darkreading.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
10 months ago Securityweek.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
10 months ago Packetstormsecurity.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
9 months ago Cysecurity.news
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
8 months ago Go.theregister.com
The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure - The United States National Security Agency is often tight-lipped about its work and intelligence. At the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency's Cybersecurity Collaboration Center had a "Call to ...
11 months ago Wired.com
Chinese Threat Actors Concealed in US Infrastructure Networks - According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five ...
8 months ago Heimdalsecurity.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
10 months ago Darkreading.com
Stifling Beijing in cyberspace big focus for UK operatives The Register - Regular attendees of CYBERUK, the annual conference hosted by British intelligence unit the National Cyber Security Centre, will know that in addition to the expected conference panels, there is usually an interwoven theme to proceedings. Various ...
5 months ago Theregister.com
China's Hackers Keep Targeting US Water and Electricity Supplies - An indictment from the US Department of Justice may have solved the mystery of how disgraced cryptocurrency exchange FTX lost over $400 million in crypto. The indictment, filed last week, alleges that three individuals used a SIM-swapping attack to ...
9 months ago Wired.com
'Volt Typhoon' hackers target US critical infrastructure - Background Hackers allegedly connected to the People's Liberation Army in China are responsible for a series of recent attacks on critical infrastructure in the USA, according to a report first published in the Washington Post. The attacks on tens of ...
10 months ago Pandasecurity.com
Cyberthreat landscape permanently altered by Chinese operations, US officials say - SAN FRANCISCO - Even if the U.S. government eventually ejects a notorious Chinese hacking operation that has tunneled into critical infrastructure entities, the sweeping digital campaign has permanently altered the cyberthreat landscape, federal ...
5 months ago Therecord.media
Explainer: what is Volt Typhoon and why is it the 'defining threat of our generation'? - Relations between the US and China - particularly over Beijing's threats to annex Taiwan - have plummeted in recent years, prompting growing concern about the potential for hostilities or all-out conflict. So recent revelations that a Chinese hacking ...
8 months ago Packetstormsecurity.com
Critical infrastructure hacks raise alarms on Chinese threats - A U.S. law enforcement operation in December disrupted a botnet of hundreds of routers operated by Chinese nation-state actors. The campaign has raised concerns about potentially destructive cyberattacks from the country. The law enforcement ...
9 months ago Techtarget.com
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
8 months ago Darkreading.com
China's Dogged Campaign to Portray Itself as Victim of US Hacking - For more than two years, China's government has been attempting to portray the US as indulging in the same kind of cyber espionage and intrusion activities as the latter has accused of carrying out over the past several years. A recent examination of ...
8 months ago Darkreading.com
Volt Typhoon - Volt Typhoon is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021. Volt Typhoon typically focuses on espionage and information gathering and has targeted critical infrastructure organizations in the US ...
11 months ago Attack.mitre.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)