Threat Intelligence

Dismantled Volt Typhoon botnet’s restoration underway


Numerous Cisco and Netgear routers have been compromised since September by Volt Typhoon, the Chinese state-backed cyberespionage operation, as part of efforts to rebuild its KV-Botnet malware, which the FBI disrupted in January and which the group had briefly and unsuccessfully tried to revive afterward, BleepingComputer reports.

Volt Typhoon sought to rebuild KV-Botnet, also known as JDYFJ Botnet, through attacks deploying MIPS-based malware and web shells against primarily Asia-based Cisco RV320/325 and Netgear ProSafe series devices, with nearly 30% of the internet-exposed Cisco RV320/325 devices compromised in a little over a month, an analysis from SecurityScorecard's STRIKE Team researchers revealed. Malicious activity has been concealed by routing traffic through the compromised routers, with the botnet's infrastructure bolstered by command-and-control servers hosted on Digital Ocean, Vultr, and Quadranet. "We don't know specifically what weakness or flaw is being exploited. However, with the devices being end-of-life, updates are no longer provided," said the researchers, who warned that the activity suggests Volt Typhoon is preparing for renewed global operations.
