San Francisco, November 14, 2024 – The cyber-espionage group Volt Typhoon, linked to China, has renewed its campaign against US infrastructure, utilizing an advanced botnet to exploit outdated routers and infiltrate essential networks.
Volt Typhoon’s resurgence comes nearly ten months after US authorities dismantled parts of the group’s botnet, which previously targeted critical sectors such as energy, water, and telecommunications. According to a recent report by SecurityScorecard, the group is now leveraging end-of-life Cisco and Netgear routers that no longer receive security updates.
The renewed activity highlights a sophisticated escalation in Volt Typhoon’s tactics, as researchers indicate that the hackers are exploiting vulnerabilities in legacy devices. SecurityScorecard’s report reveals that within just 37 days, approximately 30% of visible Cisco RV320/325 routers were compromised.
Ryan Sherstobitoff, Senior Vice President of Threat Research at SecurityScorecard, noted that Volt Typhoon has adopted a resilient and adaptable strategy, intensifying its foothold rather than retreating when detected. The group employs a botnet infrastructure designed to evade detection, using servers in Europe and Asia-Pacific to mask its command-and-control operations.
Moreover, the group’s malicious infrastructure includes a VPN device in New Caledonia, facilitating communication between Asia-Pacific and the Americas while maintaining a low profile. SecurityScorecard’s findings underscore a broader trend of increased Chinese cyber-espionage activities, raising concerns about national security and the stability of global cybersecurity.
As the situation develops, Volt Typhoon’s activities continue to pose significant risks to critical infrastructure, highlighting the urgent need for enhanced cybersecurity measures across vulnerable sectors.