CyberSecurityBoard
Sponsor Register Login

US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel.
The disruption comes less than two months after researchers at Lumen Technologies linked the hijacked routers to Volt Typhoon, a known Chinese APT previously caught targeting US critical infrastructure.
Volt Typhoon, flagged by Microsoft and US government officials as a Chinese hacking group with the ability to disrupt critical infrastructure, has burrowed deep into thousands of organizations spanning communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and the education sectors.
According to the Justice Department, a court-authorized operation cleared the way for the FBI to remotely seize control of hundreds of infected routers and send instructions to delete malware and change settings used for malware communications.
The FBI used the botnet's own command-and-control communication mechanism to remotely delete the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.
The government released court documents to show how it extensively tested the operation on relevant Cisco and NetGear routers to avoid impacting the legitimate functions of, or collect content information from, hacked routers.
The FBI said it is notifying all owners or operators of SOHO routers that were remotely accessed in the takedown operation.
Last December, researchers warned that the router botnet was packed with outdated Cisco, Netgear and Fortinet devices acting as a Tor-like covert data transfer network to perform malicious operations.
In an interview with SecurityWeek, Black Lotus Labs researcher Danny Adamitis said KV Botner features a complex infection process and a well concealed command-and-control framework.
Adamitis said botnet is made up primarily of end-of-life products that are vulnerable to critical security issues.
Vendors have stopped shipping security patches for these devices, meaning they will remain unpatched.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 31 Jan 2024 21:13:04 +0000


Cyber News related to US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon

CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
4 months ago Techtarget.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
5 months ago Darkreading.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
6 months ago Bleepingcomputer.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
4 months ago Bleepingcomputer.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
6 months ago Darkreading.com
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
5 months ago Securityweek.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
6 months ago Securityweek.com
Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet - Malware hunters in the United States have set eyes on an impossible to kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting ...
6 months ago Packetstormsecurity.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
5 months ago Securityweek.com
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
4 months ago Securityboulevard.com
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet - US law enforcement has disrupted the infrastructure of the notorious China-sponsored cyberattack group known as Volt Typhoon. The state-backed group uses it as a launchpad for other attacks, particularly on US critical infrastructure, because the ...
5 months ago Darkreading.com
Critical infrastructure hacks raise alarms on Chinese threats - A U.S. law enforcement operation in December disrupted a botnet of hundreds of routers operated by Chinese nation-state actors. The campaign has raised concerns about potentially destructive cyberattacks from the country. The law enforcement ...
5 months ago Techtarget.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
4 months ago Go.theregister.com
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity - The portion of China's Volt Typhoon advanced persistent threat that focuses on infiltrating operational technology networks in critical infrastructure has already performed reconnaissance and enumeration of multiple US-based electric companies, while ...
4 months ago Darkreading.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
4 months ago Securityboulevard.com
Chinese hacking documents offer glimpse into state surveillance - Chinese police are investigating an unauthorized and highly unusual online dump of documents from a private security contractor linked to the nation's top policing agency and other parts of its government - a trove that catalogs apparent hacking ...
4 months ago Apnews.com
Chinese Threat Actors Concealed in US Infrastructure Networks - According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five ...
4 months ago Heimdalsecurity.com
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
5 months ago Cysecurity.news
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
4 months ago Bleepingcomputer.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
1 month ago Packetstormsecurity.com
Explainer: what is Volt Typhoon and why is it the 'defining threat of our generation'? - Relations between the US and China - particularly over Beijing's threats to annex Taiwan - have plummeted in recent years, prompting growing concern about the potential for hostilities or all-out conflict. So recent revelations that a Chinese hacking ...
4 months ago Packetstormsecurity.com
China's Cyberattackers Maneuver to Disrupt US Critical Infrastructure - The US Cybersecurity and Infrastructure Security Agency has issued a report detailing how the China-backed Volt Typhoon advanced persistent threat is consistently targeting highly sensitive critical infrastructure, with new information on the ...
4 months ago Darkreading.com
It's not just Volt Typhoon lurking in critical US orgs' IT The Register - Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said. American officials ...
4 months ago Go.theregister.com
The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure - The United States National Security Agency is often tight-lipped about its work and intelligence. At the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency's Cybersecurity Collaboration Center had a "Call to ...
7 months ago Wired.com
Cyberthreat landscape permanently altered by Chinese operations, US officials say - SAN FRANCISCO - Even if the U.S. government eventually ejects a notorious Chinese hacking operation that has tunneled into critical infrastructure entities, the sweeping digital campaign has permanently altered the cyberthreat landscape, federal ...
1 month ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)