'Here it comes': China-backed hackers 'Volt Typhoon' targeting U.S. critical infrastructure via outdated switches

QUANTICO, VA - A Chinese state-sponsored hacking group known as "Volt Typhoon" has been identified by federal authorities as targeting U.S. critical infrastructure by exploiting vulnerabilities in outdated networking switches.

As reported by Network World, FBI agents were able to defuse an attack on hundreds of network routers in homes and small and medium-sized businesses across the country, an operation designed to eventually strike the nation's cyber infrastructure. The report cited an announcement by FBI Director Christopher Wray at a House Select Committee hearing.

Wray, addressing the mode of attack from "Volt Typhoon," told Congress that the routers selected were outdated and were thus "easy targets" that could be converted via malware infection into a botnet, usable by the group to launch attacks on critical U.S. infrastructure.

The FBI explained in a statement on Jan. 31st, "The vast majority of routers that comprised the KV Botnet were Cisco and NetGear routers that were vulnerable because they had reached “end of life” status; that is, they were no longer supported through their manufacturer’s security patches or other software updates."

Wray said in the statement, "Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans."

Attorney General Merrick B. Garland added, "The Justice Department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilizing a botnet. The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people."

In an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI), the agencies reported "indications of Volt Typhoon actors maintaining access and footholds within some victim IT environments for at least five years."

The advisory urged owners of older, now-discontinued routers to apply the mitigation steps it lays out to prevent the hijacking of their network equipment, in particular to strengthen security around administrative logins and to monitor their networks for unusual or physically impossible usage.
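The two mitigation themes in that paragraph, tightening administrative logins and watching for usage that is physically impossible, can be turned into a concrete monitoring check. The Python below is an added example written for this page; it is not from the article, from Network World, or from the agencies' advisory. It parses constructed router admin-login records, flags any account that authenticates from two places farther apart than it could have travelled in the elapsed time, and separately flags admin logins that do not come from the management network. The log line format, the addresses, the coordinate table standing in for a GeoIP database, and the management network are all assumptions made for the example.

```python
"""Flag implausible and off-network administrative logins to network devices.

Everything below (log format, addresses, coordinates, management network) is
constructed for illustration; it is not taken from the advisory."""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0  # faster than an airliner: one person cannot have made both logins
MGMT_NETS = [ip_network("198.51.100.0/24")]  # assumed: the only network admins should log in from

# Constructed source IP -> (latitude, longitude) table standing in for a GeoIP database.
GEO = {
    "198.51.100.20": (38.90, -77.04),  # management network, Washington DC area
    "203.0.113.7": (38.89, -77.03),    # home ISP address, Washington DC area
    "192.0.2.55": (55.75, 37.62),      # distant source, thousands of km away
}

# Constructed syslog-style admin-login records from three routers.
SAMPLE_LOG = """\
2024-01-31T09:00:00Z rtr-branch-01 admin-login user=admin src=198.51.100.20
2024-01-31T09:05:00Z rtr-branch-02 admin-login user=netops src=203.0.113.7
2024-01-31T10:30:00Z rtr-branch-01 admin-login user=admin src=192.0.2.55
2024-01-31T11:00:00Z rtr-branch-03 admin-login user=netops src=198.51.100.20
"""


@dataclass(frozen=True)
class Login:
    when: datetime
    user: str
    src_ip: str
    device: str


@dataclass(frozen=True)
class Alert:
    kind: str
    user: str
    detail: str


def parse_log(text):
    """Parse '<ISO-8601 UTC> <device> admin-login user=<u> src=<ip>' lines."""
    logins = []
    for line in text.splitlines():
        ts, device, event, *fields = line.split()
        if event != "admin-login":
            continue
        kv = dict(f.split("=", 1) for f in fields)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        logins.append(Login(when, kv["user"], kv["src"], device))
    return logins


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(logins):
    """Alert when consecutive logins by one account imply travel above MAX_SPEED_KMH."""
    alerts = []
    by_user = {}
    for lg in sorted(logins, key=lambda item: item.when):
        by_user.setdefault(lg.user, []).append(lg)
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(GEO[prev.src_ip], GEO[cur.src_ip])
            hours = (cur.when - prev.when).total_seconds() / 3600
            # ignore small distances so GeoIP jitter inside one city does not alert
            if km > 50 and (hours == 0 or km / hours > MAX_SPEED_KMH):
                alerts.append(Alert("impossible-travel", user,
                                    f"{prev.src_ip} -> {cur.src_ip}: {km:.0f} km in {hours:.2f} h"))
    return alerts


def off_network_admin_logins(logins):
    """Alert on any admin login whose source is outside the management network."""
    return [Alert("admin-login-outside-mgmt-net", lg.user, f"{lg.device} from {lg.src_ip}")
            for lg in logins
            if not any(ip_address(lg.src_ip) in net for net in MGMT_NETS)]


def analyse(text):
    logins = parse_log(text)
    return impossible_travel(logins) + off_network_admin_logins(logins)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"{alert.kind:30} {alert.user:8} {alert.detail}")
```

On the constructed records the `admin` account logs in from the DC area and, ninety minutes later, from a source roughly 7,800 km away, which produces the impossible-travel alert; the two logins from outside the management network produce the off-network alerts. In a real deployment the coordinate table would be replaced by a GeoIP lookup and the records would come from the devices' syslog output.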

While the government agencies did not specifically identify the make and model of the routers impacted, Network World reported, "Security firm Lumen Technologies has been tracking Volt Typhoon and identified Netgear ProSAFE firewalls, Cisco RV320s, DrayTek Vigor routers, and Axis IP cameras as the targets."

© 2024 Law Enforcement Today