The US administration has claimed to have stopped a China-sponsored attempt to place malware that could potentially damage the country’s critical infrastructure.
“The hackers, Volt Typhoon, used privately owned SOHO [Small Office and Home Office] routers infected with the ‘KV Botnet’ malware to conceal the PRC [People’s Republic of China] origin of further hacking activities directed against the US and other foreign victims,” said the press release issued by the United States Attorney’s Office in the Southern District of Texas.
The court-authorized operation deleted the KV Botnet malware from the SOHO routers that had been hijacked as part of the China-backed hacking. Other steps, including blocking communications between the routers and other devices used to control the botnet, were taken as part of the operation to prevent reinfection.
The routers that comprised the KV Botnet were Cisco and NetGear routers that had reached the “end of life” stage, which means they were not supported by security patches or updates, thus making them more vulnerable.
“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” said FBI Director Christopher Wray. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”
“By ensuring home and small-business routers are replaced after their end-of-life expiration, everyday citizens can protect both their personal cybersecurity and the digital safety of the United States. We need the American public’s vigilance and support to continue our fight against malicious PRC-sponsored cyber actors,” said Douglas Williams, Special Agent in Charge at the FBI Houston Field Office.
The operation neither affected the legitimate functions of the hacked routers nor collected information from them. The agencies are providing information about the operation to the owners or operators of the affected routers. However, the US authorities have not revealed the damage caused by the attack.
Earlier, tech giant Microsoft had also warned that the state-sponsored Chinese hacking group was spying on US government organizations.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” said the warning issued by Microsoft.
Last year, the Cybersecurity and Infrastructure Security Agency (CISA) issued a similar warning. “The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon,” said a statement jointly issued by the authorities in the US, Australia, Canada, New Zealand, and the UK, collectively known as Five Eyes.
The changing geopolitical equation between the US and China is leading to a growing number of cyberattacks on government agencies and infrastructure. Last year, China-backed hackers are believed to have hacked the email account of Nicholas Burns, the US ambassador to China.