Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet

US law enforcement has disrupted the infrastructure of the notorious China-sponsored cyberattack group known as Volt Typhoon.
The state-backed group uses the botnet of compromised small-office/home-office (SOHO) routers as a launchpad for other attacks, particularly on US critical infrastructure, because the botnet's distributed nature makes the activity hard to trace.
After the Volt Typhoon takedown was reported by Reuters earlier this week, US officials confirmed the enforcement action late yesterday.
While silently reaching into the edge gear owned by hundreds of small businesses might seem alarming, the Feds stressed that the operation accessed no information and affected no legitimate functions of the routers.
Router owners can clear the mitigations by restarting the devices - though this would make them susceptible to reinfection.
Volt Typhoon is part of a broader Chinese effort to infiltrate utilities, energy-sector companies, military bases, telecom companies, and industrial sites in order to plant foothold malware, in preparation for disruptive and destructive attacks down the line.
The goal is to be in position to damage the US ability to respond in the event a kinetic war kicks off over Taiwan or trade issues in the South China Sea, Wray and other officials warned this week.
It's a growing departure from China's usual hack-and-spy operations.
Given that router restarts open the devices to reinfection, and the fact that Volt Typhoon certainly has other ways to launch stealthy attacks against its critical infrastructure quarry, the legal action is bound to be only a temporary disruption for the APT - a fact that even the FBI acknowledged in its statement.
She says that in addition to using a distributed botnet to constantly shift the source of its activity to stay under the radar, Volt Typhoon also reduces the signatures that defenders use to hunt it across networks, and avoids the use of any binaries that might stand out as indicators of compromise.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 01 Feb 2024 21:50:21 +0000

