The Chinese hacker group Volt Typhoon has reactivated and begun to restore its Botnet KV-Botnet, which was previously dismantled by US law enforcement agencies in January. According to SecurityScorecard, the group has a history of engaging in cyberespionage activities and targeting critical infrastructure in the USA and other countries.
Volt Typhoon hackers target vulnerable devices such as routers and network cameras like Netgear Prosafe, Cisco RV320, and Axis IP cameras. By installing malware on these devices, cybercriminals are able to hide their presence, connect to target networks, and maintain access.
In January 2024, US authorities managed to temporarily disrupt the group’s operations by removing the malicious software from infected devices. However, by August, there were indications that the hackers had found a new vulnerability to exploit and had resumed their activities.
Recent reports suggest that Volt Typhoon hackers are actively working to rebuild their botnet using outdated Cisco and Netgear routers. In just over a month, they have successfully infected a large number of devices by deploying malware based on MIPS architecture and utilizing web shells that operate on non-standard ports, making detection more challenging.
Since September, the hackers have been increasingly targeting devices in Asia, establishing a new network of infected devices in the region.
SecurityScorecard leverages advanced analytical tools and vast amounts of data to provide accurate and timely assessments of cybersecurity risks. The company caters to a diverse clientele, including large corporations, government entities, and small businesses, helping them assess and enhance their cybersecurity posture.