Source: Securityaffairs
China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The group’s aim was to maintain access for as long as possible without being detected.
  • The APT group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet to the operations of China-linked threat actor Volt Typhoon.
  • The U.S. government neutralized the Volt Typhoon botnet by taking over its C2 and deleting the bot malware from infected devices. However, despite the botnet disruption, Volt Typhoon remains active.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assessed that People’s Republic of China (PRC) state-sponsored cyber actors, including the Volt Typhoon APT group, had been pre-positioning themselves on IT networks.
  • SecurityScorecard warned that the botnet is back, and it is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools.
  • Volt Typhoon is both a resilient botnet and a warning. Without decisive action, this silent threat could trigger a critical infrastructure crisis driven by vulnerabilities left unresolved.
