menu
techminis

A naukri.com initiative

google-web-stories
source image

Securityaffairs

1M

read

85

img
dot

China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The group managed to maintain access without being detected for as long as possible.
  • The APT group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet to the operations of China-linked threat actor Volt Typhoon.
  • The U.S. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices. However, despite the botnet disruption, Volt Typhoon remains active.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assessed that People’s Republic of China (PRC) state-sponsored cyber actors warned that the APT group had been pre-positioning itself on IT networks.
  • SecurityScorecard warned that the botnet is back, and it is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools.
  • Volt Typhoon is both a resilient botnet—and a warning. Without decisive action, this silent threat could trigger a critical infrastructure crisis driven by vulnerabilities left unresolved.

Read Full Article

like

5 Likes

For uninterrupted reading, download the app