Announcement | severity: High | 2024-01-31
DOJ disrupts KV-botnet of compromised SOHO routers
published by U.S. Department of Justice
Actor
PRC state-sponsored actor focused on pre-positioning in U.S. critical infrastructure (communications, energy, transportation, water). Heavy use of living-off-the-land techniques and small-office/home…
Summary
DOJ and FBI announced a court-authorized operation that removed Volt Typhoon malware from hundreds of U.S.-based end-of-life Cisco and NetGear SOHO routers that had been co-opted into the KV-botnet used to obscure the actor's operational traffic.
Tags
botnet-takedown, soho-router, kv-botnet