IOC pivot
ioc · name
KV-botnet
CN · China
Volt Typhoon
confidence · high
Operator-named botnet family running on compromised end-of-life SOHO routers (predominantly Cisco RV320/325, NETGEAR ProSAFE, Axis IP cameras). Used as obfuscation infrastructure for Volt Typhoon operations; the DOJ disrupted the network in Operation Dying Ember (announced 31 Jan 2024).
- family: KV-botnet
- first seen: Jan 30, 2024
- publisher: CISA