'

US security agencies terminate China-backed hacking attempt

The US administration has claimed to have stopped a China-sponsored attempt to place malware that could potentially damage the country’s critical infrastructure.

“The hackers, Volt Typhoon, used privately owned SOHO [Small Office and Home Office] routers infected with the ‘KV Botnet’ malware to conceal the PRC [People’s Republic of China] origin of further hacking activities directed against the US and other foreign victims,” said the press release issued by the United States Attorney’s Office in the Southern District of Texas.

The court-authorized operation deleted the KV Botnet malware comprising routers owned by SOHO that had been hijacked as part of the China-backed hacking. Other steps, including blocking communications between routers and other devices used to control the botnet, were taken as part of the operation to prevent reinfection.

The routers that comprised the KV Botnet were Cisco and NetGear routers that had reached the “end of life” stage, which means they were not supported by security patches or updates, thus making them more vulnerable.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”

“By ensuring home and small-business routers are replaced after their end-of-life expiration, everyday citizens can protect both their personal cybersecurity and the digital safety of the United States. We need the American public vigilance and support to continue our fight against malicious PRC-sponsored cyber actors,” said Douglas Williams, Special Agent in Charge at the FBI Houston Field Office.

The operation neither affected the genuine working nor collected information from the hacked routers. The agencies are providing information about the operation to the owners or operators of the affected routers. However, the US authorities have not revealed the damage caused by the attack.

Past warnings

Earlier, tech giant Microsoft had also warned that the state-sponsored Chinese hacking group was spying on the US Government organizations.

“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” said the warning issued by Microsoft.

Last year, the Cybersecurity and Infrastructure Security Agency (CISA) issued a similar warning. “The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement jointly issued by the authorities in the US, Australia, Canada, New Zealand, and the UK, collectively known as Five Eyes.

The changing geopolitical equation between the US and China is leading to a growing number of cyberattacks on government agencies and infrastructure. Last year, China-backed hackers are believed to have hacked the email account of Nicholas Burns, the US ambassador to China.

Cyberattacks


Go to Source
Author: