FBI, DOJ disrupt Chinese hackers targeting critical US infrastructure

Authorities have disrupted a hacking group backed by China that was targeting critical U.S. infrastructure through malware installed on routers based in America, the Justice Department and FBI said Wednesday.

“The Justice Department has disrupted a (People’s Republic of China)-backed hacking group that attempted to target America’s critical infrastructure utilizing a botnet,” U.S. Attorney General Merrick Garland said in a statement.

He added, “The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people.”

A group of Chinese state-sponsored hackers known as Volt Typhoon hijacked hundreds of privately owned home and small office routers, officials said. The routers were infected with malware called KV Botnet to hide China’s role in the hacks and to further the operation, which also targeted infrastructure in other countries, according to the Justice Department.

“Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors,” FBI Director Christopher Wray said. “Their pre-positioning constitutes a potential real-world threat to our physical safety that the FBI is not going to tolerate. We are going to continue to work with our partners to hit the PRC hard and early whenever we see them threaten Americans.”

Most of the compromised routers were made by Cisco and NetGear and were vulnerable “because they had reached ‘end of life’ status,” meaning that they were no longer supported by or getting security updates from their manufacturers, officials said. “Hundreds of routers nationwide” were infected, Deputy U.S. Attorney General Lisa Monaco said.

Through a court-authorized operation last month, authorities deleted the malware from affected routers and took steps to block the devices from the botnet. Owners are being notified, according to officials.

Authorities said the government’s response to the hacks highlights its partnership with private businesses and the importance of staying vigilant and retiring tech at the end of its life.

“By ensuring home and small-business routers are replaced after their end-of-life expiration, everyday citizens can protect both their personal cyber security and the digital safety of the United States,” said Special Agent in Charge Douglas Williams of the FBI Houston Field Office. “We need the American public’s vigilance and support to continue our fight against malicious PRC-sponsored cyber actors.”

Officials urged people who think they might have a compromised router to visit the FBI’s Internet Crime Complaint Center or report the possibility to the Cybersecurity and Infrastructure Security Agency.

The FBI continues to investigate.
