
US security agencies terminate China-backed hacking attempt

The US administration says it has disrupted a China-sponsored operation that planted malware capable of damaging the country’s critical infrastructure.

“The hackers, Volt Typhoon, used privately owned SOHO [Small Office and Home Office] routers infected with the ‘KV Botnet’ malware to conceal the PRC [People’s Republic of China] origin of further hacking activities directed against the US and other foreign victims,” said the press release issued by the United States Attorney’s Office in the Southern District of Texas.

The court-authorized operation deleted the KV Botnet malware from the hijacked SOHO routers that made up the botnet. It also took steps to prevent reinfection, including blocking communications between the routers and the other devices used to control the botnet.

The routers that comprised the KV Botnet were Cisco and NetGear devices that had reached “end of life”, meaning they no longer received security patches or firmware updates, which left known vulnerabilities in them permanently unfixed and made them easy targets.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”

“By ensuring home and small-business routers are replaced after their end-of-life expiration, everyday citizens can protect both their personal cybersecurity and the digital safety of the United States. We need the American public’s vigilance and support to continue our fight against malicious PRC-sponsored cyber actors,” said Douglas Williams, Special Agent in Charge at the FBI Houston Field Office.
