UPDATED 17:41 EDT / JANUARY 31 2024

SECURITY

US disrupts botnet operated by Chinese state-sponsored hacking group

The U.S. government has disrupted a botnet, or network of malware-laden devices, that was used by a Chinese state-sponsored hacking group to disguise its activities.

The Justice Department announced the operation this morning. Also today, several senior U.S. officials testified before Congress on China-backed hacking activities targeting critical infrastructure. 

“The Justice Department has disrupted a PRC-backed hacking group that attempted to target America’s critical infrastructure utilizing a botnet,” said Attorney General Merrick Garland. “The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people.”

The botnet that the government disrupted consisted of several hundred SOHO, or small office and home office, routers installed in the U.S. Most of the routers were made by Cisco Systems Inc. and Netgear Inc. The devices were vulnerable because they had reached end-of-life status, meaning their manufacturers no longer issue security patches for them.

The Justice Department detailed that the botnet was created by a Chinese state-sponsored hacking group known as Volt Typhoon. According to officials, the group used the breached routers to conceal the origin of a cyberattack campaign directed at U.S. critical infrastructure.

The campaign in question was detailed by Microsoft Corp. last March. According to the company, Volt Typhoon has been targeting critical infrastructure organizations in Guam and other parts of the U.S. The affected organizations are active in the communications, manufacturing, utility, transportation, construction, maritime, government, technology and education sectors.

Microsoft’s researchers determined that Volt Typhoon is seeking to perform espionage as well as maintain a long-term presence in victims’ networks. Additionally, the company detailed the group is “pursuing development of capabilities” that could disrupt communications between the U.S. and Asia in the event of a crisis. Microsoft believes that Volt Typhoon has been active since mid-2021. 

The operation to take down the group’s router botnet was launched last month by the Federal Bureau of Investigation. According to BleepingComputer, the FBI took over a server that Volt Typhoon had used to control the infected routers. Officials then sent commands to the routers that disconnected them from the botnet.

The FBI reportedly also uninstalled a malicious virtual private network, or VPN, tool that the hackers had installed on the compromised devices. The changes block Volt Typhoon from reconnecting the routers to the botnet, but the routers themselves remain unpatched end-of-life hardware, so the weakness that allowed the initial infection is not fixed. Officials have also notified the users whose routers were compromised by the hackers.

Separately, the Cybersecurity and Infrastructure Security Agency and the FBI today released new guidance for network equipment makers. Officials are advising SOHO router manufacturers to implement an automated patching mechanism in their devices. The guidance also emphasizes the need for secure default settings, as well as features that prevent hackers from remotely accessing a router’s management console. 
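The three design points in that guidance (automatic patching, secure defaults, and no management console reachable from the internet) are also things an owner can check on an existing device. The following audit script is an added example written for this article, not code from CISA, the FBI or any router vendor. The settings snapshot format, field names, the factory-credential list and the two sample configurations are all constructed assumptions for illustration; a real check would read the vendor's own configuration export or the router's listening sockets.

```python
"""Audit a SOHO router settings snapshot against the design guidance
summarised above: automatic patching, secure defaults (no factory
credentials) and no management interface exposed on the WAN side.

The snapshot format, field names and sample data are constructed for this
example (assumptions), not a real vendor export.
"""
from datetime import date

# Audit date used by the examples below (the day of the disruption announcement).
AUDIT_DATE = date(2024, 1, 31)

# Illustrative factory credentials (constructed list); extend it with the
# vendor's published defaults for the model being audited.
FACTORY_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", "")}

# Ports a management console typically listens on.
MANAGEMENT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 8080: "http-alt"}


def audit(cfg: dict, today: date) -> list[str]:
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []

    # 1. Patch status. An end-of-life device gets no fixes at all, so no
    #    other setting makes it safe to keep on the network.
    eos = cfg.get("end_of_support")
    if eos and date.fromisoformat(eos) < today:
        findings.append(f"device is end-of-life (support ended {eos}); replace it")
    if not cfg.get("auto_update", False):
        findings.append("automatic firmware updates are disabled")

    # 2. Secure defaults: the administrator account still uses factory credentials.
    if (cfg.get("admin_user"), cfg.get("admin_password")) in FACTORY_CREDENTIALS:
        findings.append("administrator account still uses factory credentials")

    # 3. Management console reachable from the internet, either through an
    #    explicit remote-management switch or because a management service is
    #    bound to the WAN address (or to every interface: 0.0.0.0 / ::).
    if cfg.get("remote_management_wan", False):
        findings.append("remote management over the WAN is enabled")
    wan_ip = cfg.get("wan_ip")
    for bind_addr, port in cfg.get("listeners", []):
        if port in MANAGEMENT_PORTS and bind_addr in (wan_ip, "0.0.0.0", "::"):
            findings.append(
                f"{MANAGEMENT_PORTS[port]} management on {bind_addr}:{port} is exposed to the WAN"
            )
    return findings


# Constructed sample: an unpatched device with every weak setting left in place.
WEAK_CONFIG = {
    "model": "example-soho-router",
    "end_of_support": "2021-06-30",
    "auto_update": False,
    "admin_user": "admin",
    "admin_password": "password",
    "remote_management_wan": True,
    "wan_ip": "203.0.113.7",
    # (bind address, port) pairs, as a listening-socket listing would show them
    "listeners": [("0.0.0.0", 80), ("192.168.1.1", 443), ("0.0.0.0", 23)],
}

# Constructed sample: the same device class configured the way the guidance asks.
HARDENED_CONFIG = {
    "model": "example-soho-router",
    "end_of_support": "2027-12-31",
    "auto_update": True,
    "admin_user": "admin",
    "admin_password": "L0ng-un1que-passphrase-set-by-owner",
    "remote_management_wan": False,
    "wan_ip": "203.0.113.7",
    # management only on the LAN address; nothing bound to the WAN or to 0.0.0.0
    "listeners": [("192.168.1.1", 443), ("192.168.1.1", 22)],
}


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg, AUDIT_DATE))} finding(s)")
        for finding in audit(cfg, AUDIT_DATE):
            print("  -", finding)
```

The weak snapshot produces six findings (end-of-life, updates off, factory credentials, WAN remote management, and HTTP and Telnet bound to all interfaces); the LAN-only HTTPS listener is correctly not flagged. The end-of-life check is listed first on purpose: once a vendor has stopped shipping patches, the remaining settings only reduce exposure, they do not restore the device to a supportable state.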
